Chris Howell, Wickr CTO
It seems every new app or online service these days is designed to entice you to share your activity, location, or personal information at all times. The result is almost too predictable at this point – sooner or later, the data is exposed and we are shocked to discover a privacy breach.
Why does this keep happening? Some say: buyer beware. Their argument is if users cared about their privacy, they would make different choices. I say that blames the victim.
I believe that the developers and providers of digital products carry responsibility. While yes, consumers often give up too much of their information in exchange for free services, by and large these concessions are made by uninformed users who have no real recourse if things go badly and their privacy is compromised.
Too often, apps offer no meaningful ways for users to turn privacy-related features on and off. When these controls are present, they are almost always buried somewhere in a settings menu as if nobody wanted them to be found. When they are found, they are almost always off by default, requiring users to take an extra step to opt in and often worded in a way that’s confusing so users are afraid to mess with it.
Aside from the settings chicanery, rarely do providers go out of their way to educate users about privacy risk or to show how to minimize as they use the product. Not being up front about the privacy risks your app presents is as shady as a drug company not informing people of potential side effects.
Recently, researchers identified a privacy issue related to Strava, a fitness app. Its location-based tracking manifested as a heat map showing routes taken by runners around the world. As it turned out, with that information, you could pin point known military bases and secret stations, infer patrol routes and even the location of individual military personnel. I took a look and as you could probably guess, the privacy settings are off by default. Even the “Private By Default” setting is off – by default. Ironic.
It’s time to start treating users with respect. Don’t hand someone a proverbial loaded gun and act surprised when they hurt themselves with it. Don’t trick users into taking privacy risks. Don’t rely on them being too busy to find or afraid to ask. Explain it to them. Be proactive. Get their buy-in. Stop turning privacy off by default.