Your SlideShare is downloading. ×
0
caseorganic.com

Designing for privacy in
mobile and web apps
Interaction '14
Amber Case
@caseorganic
caseorganic.com
caseorganic.com

Part I:

Present Day
caseorganic.com

What is
Privacy?
caseorganic.com

The ability to have control
over where your content goes
and who it is accessed by.
caseorganic.com

The ability to choose what
content you share, view and
access without being tracked.
caseorganic.com

Privacy is the ability
not to be surprised.
caseorganic.com
caseorganic.com

Privacy can also be a feeling
or perception of security.
This perception of security can
be designed.
caseorganic.com
caseorganic.com

Privacy on the Web
Old Web:
Social silos don't exist. Where you go on
the web is not tracked
New Web:
Log...
caseorganic.com

“We invest much of our lives into
virtual ‘condos’ that anyone can
walk into and do what they like.”
-@ra...
caseorganic.com

We're all
sharecropping

indiewebcamp.com/sharecropping
caseorganic.com

Changing user interfaces

twitter.com
caseorganic.com

How can we design for
privacy?
1. Temporary Solution (Privacy by Design)
2. Longer term Solution (Data Ow...
caseorganic.com

Part II:
Privacy by
Design
caseorganic.com

Smartphone Cameras
caseorganic.com

Google
Glass
caseorganic.com

What was different?
•

Design and product launch

•

Developer on-boarding fail

•

Secrecy/Mystery/Exclu...
caseorganic.com

Results
•

Reduced play

•

Confusion

•

Pseudo-elite status

•

Fear

•

Speculation
caseorganic.com

Questions people ask me when I’m
wearing Google Glass
caseorganic.com

Compare to iPhone
Developer Launch
Development tools available before
new hardware/OS released
• $99 fee
...
caseorganic.com

Trying to "Calm"
the device
Headbanding: “moving
one's Glass before entering
an establishment"
caseorganic.com

Half of privacy is perceived
The idea of privacy is socially created and
attached to behavioral norms.
Be...
caseorganic.com

Success
Narrative (formerly Memoto)

http://getnarrative.com/
caseorganic.com

Why?
•Designed
•Built

to be "calm"

upon previous products (iteration)

•Clearly

defined. (Lifelogging d...
caseorganic.com

Part III:

Building privacy into
mobile and web apps
#dataprivacy
caseorganic.com

1. Get a privacy policy
Privacy policies are regret
management tools.
Only 30% of mobile app
developers h...
caseorganic.com

Minimum Viable Privacy Policy:
Who you are (identity and contact details),
Categories of personal data th...
caseorganic.com

2. Simplify and Consolidate
Privacy policies should be easy
to understand
Create two sections – Plain Tex...
caseorganic.com

Terms of Service; Didn't Read
MEDIUM
Reserves the right to use your name and content for
any purpose fore...
caseorganic.com

How many of you have
read the entire iTunes
privacy policy?
caseorganic.com

What about Creative Commons?
caseorganic.com

3. Allow people to access /
export their data
caseorganic.com

4. Privacy by design vs. privacy by
disaster
Privacy consideration should be
incorporated into every aspe...
caseorganic.com

5. Consolidate and simplify
settings and permissions
Make controls
easy to access.
On/off switches,
simpl...
caseorganic.com

6. Contextual Privacy
Instagram, Facebook,
Foursquare do this well.
Expose privacy controls
with every pi...
caseorganic.com

7. No one is perfect
Hosting user data is a
privilege, not a right
Apologize immediately if
you make a mi...
caseorganic.com

8. Authentication and Permissions
•

Allow for
temporary
authenticatio
n
Show data
options and
time
caseorganic.com

8. Authentication and Permissions

When in doubt
give control
caseorganic.com

9. Community Involvement
caseorganic.com

10. Be Clever: Accomplish your
goals in the least amount of
moves*

*even/especially if it takes more tim...
caseorganic.com

Part IV:

The Future of
Privacy and Data
Ownership
caseorganic.com

Easier to Consume
vs. Create
caseorganic.com
caseorganic.com

Own your own data
Build your own website

Use social networks for
distribution
Web frameworks will emerge...
caseorganic.com

What
happened?
caseorganic.com

Blogs

| RSS Readers
caseorganic.com

2003: RSS/ATOM WARS
caseorganic.com

Pingbacks/
Trackbacks:
a way to tell if someone
linked to your site
caseorganic.com

Pingback Spam
caseorganic.com

Picking up from where 2003
left off
. Need a way to own our data
1. Learn and improve on what
we're doing...
caseorganic.com

POSSE
Publish (on your) Own Site, Syndicate
Elsewhere
Tweet is published to your own site and sent by
you...
caseorganic.com

PESOS
Publish Elsewhere, Syndicate (to
your) Own Site

indiewebcamp.com/PESOS
caseorganic.com

Webmentions

indiewebcamp.com/PESOS
caseorganic.com

Webmentions
caseorganic.com

Indiewebcamp.com
caseorganic.com

Why do we need an IndieWeb?
Afraid of losing your photos and files
1 Frozen account due to violated TOS
2...
caseorganic.com
caseorganic.com

Freedom!
The freedom to decide what content and
what types of content to publish, and to
store over time
...
caseorganic.com

Homestead, don't Sharecrop!
A home for your data
•

Your blog becomes a creative outlet
for you + learnin...
caseorganic.com

Thank you!
caseorganic.com

Interaction '14
Amber Case
@caseorganic
Upcoming SlideShare
Loading in...5
×

Designing for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam

3,471

Published on

Practice privacy by design, not privacy by disaster!
See the talk here: http://caseorganic.com/articles/2014/02/12/1/designing-for-privacy-in-mobile-and-web-apps-at-interaction-14-in-amsterdam

Almost every application requires some gathering of personal data today. Where that data is stored, who has access to it, and what is done with that data later on is becoming increasingly important as more and more of our data lives online today. Privacy disasters are costly and can be devastating to a company. UX designers and developers need to have a framework for protecting user data, communicating it to users, and making sure that the entire process is smoothly handled.

This talk covers best practices for designing web and mobile apps with the privacy of individual users in mind. Privacy has been an even bigger issue with location-based apps, and we ran into it head-first when we began work on Geoloqi (now part of Esri). Designing an interface that made one's personal empowering instead of creepy was our goal. The stories from our design decisions with our application will also be included in this talk.

Published in: Design
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,471
On Slideshare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
20
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Transcript of "Designing for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam"

  1. 1. caseorganic.com Designing for privacy in mobile and web apps Interaction '14 Amber Case @caseorganic caseorganic.com
  2. 2. caseorganic.com Part I: Present Day
  3. 3. caseorganic.com What is Privacy?
  4. 4. caseorganic.com The ability to have control over where your content goes and who it is accessed by.
  5. 5. caseorganic.com The ability to choose what content you share, view and access without being tracked.
  6. 6. caseorganic.com Privacy is the ability not to be surprised.
  7. 7. caseorganic.com
  8. 8. caseorganic.com Privacy can also be a feeling or perception of security. This perception of security can be designed.
  9. 9. caseorganic.com
  10. 10. caseorganic.com Privacy on the Web Old Web: Social silos don't exist. Where you go on the web is not tracked New Web: Logged into FB, Google: everything you look at is tracked
  11. 11. caseorganic.com “We invest much of our lives into virtual ‘condos’ that anyone can walk into and do what they like.” -@rahulsen79
  12. 12. caseorganic.com We're all sharecropping indiewebcamp.com/sharecropping
  13. 13. caseorganic.com Changing user interfaces twitter.com
  14. 14. caseorganic.com How can we design for privacy? 1. Temporary Solution (Privacy by Design) 2. Longer term Solution (Data Ownership) Privacy by Design: Ann Cavoukian, Ph.D. Information & Privacy Commissioner, Ontario, Canada. http://www.privacybydesign.ca/
  15. 15. caseorganic.com Part II: Privacy by Design
  16. 16. caseorganic.com Smartphone Cameras
  17. 17. caseorganic.com Google Glass
  18. 18. caseorganic.com What was different? • Design and product launch • Developer on-boarding fail • Secrecy/Mystery/Exclusivity • Closed system • Too many features • Price
  19. 19. caseorganic.com Results • Reduced play • Confusion • Pseudo-elite status • Fear • Speculation
  20. 20. caseorganic.com Questions people ask me when I’m wearing Google Glass
  21. 21. caseorganic.com Compare to iPhone Developer Launch Development tools available before new hardware/OS released • $99 fee • Launch: many apps • People had phones already
  22. 22. caseorganic.com Trying to "Calm" the device Headbanding: “moving one's Glass before entering an establishment"
  23. 23. caseorganic.com Half of privacy is perceived The idea of privacy is socially created and attached to behavioral norms. Behavior can change when norms change.
  24. 24. caseorganic.com Success Narrative (formerly Memoto) http://getnarrative.com/
  25. 25. caseorganic.com Why? •Designed •Built to be "calm" upon previous products (iteration) •Clearly defined. (Lifelogging device). •Not at eye level. Small friendly rounded corners •Not immediate (download later)
  26. 26. caseorganic.com Part III: Building privacy into mobile and web apps #dataprivacy
  27. 27. caseorganic.com 1. Get a privacy policy Privacy policies are regret management tools. Only 30% of mobile app developers have one.
  28. 28. caseorganic.com Minimum Viable Privacy Policy: Who you are (identity and contact details), Categories of personal data the app wants to collect/process, Why the data processing is necessary (for what precise purposes), Whether data will be disclosed to which third parties Data withdrawal rights and account deletion policy https://www.iubenda.com/blog/2013/06/10/the-need-for-privacy-policies-in-mobile-apps-an-overview/
  29. 29. caseorganic.com 2. Simplify and Consolidate Privacy policies should be easy to understand Create two sections – Plain Text and Legalese
  30. 30. caseorganic.com Terms of Service; Didn't Read MEDIUM Reserves the right to use your name and content for any purpose forever, even if they get acquired in the future. Wikia Communities don't own their content and can't transfer it off their site. tosdr.org (thanks bret.io!)
  31. 31. caseorganic.com How many of you have read the entire iTunes privacy policy?
  32. 32. caseorganic.com What about Creative Commons?
  33. 33. caseorganic.com 3. Allow people to access / export their data
  34. 34. caseorganic.com 4. Privacy by design vs. privacy by disaster Privacy consideration should be incorporated into every aspect of your app. Web, legal, user experience, messaging, marketing and development. Act now or be forced to act later.
  35. 35. caseorganic.com 5. Consolidate and simplify settings and permissions Make controls easy to access. On/off switches, simple settings.
  36. 36. caseorganic.com 6. Contextual Privacy Instagram, Facebook, Foursquare do this well. Expose privacy controls with every piece of content that can be created or shared
  37. 37. caseorganic.com 7. No one is perfect Hosting user data is a privilege, not a right Apologize immediately if you make a mistake. Fix the problem immediately
  38. 38. caseorganic.com 8. Authentication and Permissions • Allow for temporary authenticatio n Show data options and time
  39. 39. caseorganic.com 8. Authentication and Permissions When in doubt give control
  40. 40. caseorganic.com 9. Community Involvement
  41. 41. caseorganic.com 10. Be Clever: Accomplish your goals in the least amount of moves* *even/especially if it takes more time to think about the solution.
  42. 42. caseorganic.com Part IV: The Future of Privacy and Data Ownership
  43. 43. caseorganic.com Easier to Consume vs. Create
  44. 44. caseorganic.com
  45. 45. caseorganic.com Own your own data Build your own website Use social networks for distribution Web frameworks will emerge that will make this easier
  46. 46. caseorganic.com What happened?
  47. 47. caseorganic.com Blogs | RSS Readers
  48. 48. caseorganic.com 2003: RSS/ATOM WARS
  49. 49. caseorganic.com Pingbacks/ Trackbacks: a way to tell if someone linked to your site
  50. 50. caseorganic.com Pingback Spam
  51. 51. caseorganic.com Picking up from where 2003 left off . Need a way to own our data 1. Learn and improve on what we're doing! 2. Just implement something
  52. 52. caseorganic.com POSSE Publish (on your) Own Site, Syndicate Elsewhere Tweet is published to your own site and sent by your domain to Twitter indiewebcamp.com/POSSE
  53. 53. caseorganic.com PESOS Publish Elsewhere, Syndicate (to your) Own Site indiewebcamp.com/PESOS
  54. 54. caseorganic.com Webmentions indiewebcamp.com/PESOS
  55. 55. caseorganic.com Webmentions
  56. 56. caseorganic.com Indiewebcamp.com
  57. 57. caseorganic.com Why do we need an IndieWeb? Afraid of losing your photos and files 1 Frozen account due to violated TOS 2 Lost content due to acquisition 3 Silos profiting off your data 4 The ability to create again indiewebcamp.com/why
  58. 58. caseorganic.com
  59. 59. caseorganic.com Freedom! The freedom to decide what content and what types of content to publish, and to store over time Control your UI/UX – you decide Own your content forever indiewebcamp.com/why
  60. 60. caseorganic.com Homestead, don't Sharecrop! A home for your data • Your blog becomes a creative outlet for you + learning place for new stuff • Hyperlinks on the open web, giving web back its richness www.onebigfluke.com/2012/07/focusing-on-positives-why-i-have-my-own.html
  61. 61. caseorganic.com Thank you! caseorganic.com Interaction '14 Amber Case @caseorganic
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×