How Facebook design tricks people into trading away privacy

On TechCrunch, Avi Charkham provides an excellent side-by-side comparison of an older Facebook design and the latest one, showing how the service has moved to minimize the extent to which its users are notified of the privacy "choices" they make when they interact with the service. The Facebook rubric is that people don't value their privacy ("privacy is dead, get over it,") and we can tell that because they demonstrate it by using Facebook. But really, Facebook is designed to minimize your understanding of the privacy trades you're making and your ability to make those trades intelligently.

All privacy offers on FB are take-it-or-leave-it: you give up all your privacy to play Angry Birds, or you don't play Angry Birds. There's no "give up some of your privacy to play Angry Birds" offer, or "here's a game that's 95% as fun as Angry Birds but requires that you only yield up the most trivial facts of your life to play it" that we can test the market against.

Charkham's five examples from the visual interface design are very good evidence that FB isn't a harbinger of the death of privacy; rather, it's a tribute to the power of deceptive hard-sell tactics to get people to make privacy trade-offs they wouldn't make in a fair deal.

#3: The Tiny Hidden Info Symbol Trick

In the old Design Facebook presented a detailed explanation about the “basic” information you’re about to expose to the apps you’re adding. In the new design they decided to hide that info. If you pay careful attention you’ll see a tiny little “?” symbol and if you hover over it you’ll discover that this app is about to gain access to your name, profile pic, Facebook user ID, gender, networks, list of friends and any piece of info you’ve made public on Facebook. Quite a lot of info for a 20×10 pixel tiny hidden info symbol don’t you think?!

Of course, the interface is only a small part of the tactics used to manipulate privacy decisions on FB. More insidious and likely more effective is the use of the proprietary algorithms to apply intermittent social reward for disclosure, driving users to greater and greater disclosures -- something well documented in The Filter Bubble, Eli Pariser's 2011 book on the subject.

5 Design Tricks Facebook Uses To Affect Your Privacy Decisions (via Hacker News)


  1. That’s not only Facebook. Although Google Play is explicit about the kind of access an app has to your device, I wonder why many apps now require you to agree with access to you phone ID and any active phone number being called. I just installed a BBC News app and only agreed because I am using Nexus 7, which is not a phone. But I already refused updates on my Galaxy phone that included this annoying term.

    1.  Wouldn’t it be nice if that BBC app had a “I refuse, and here’s why:…” box that you could check off?

    2. Both Chrome and Google Play give me a heart attack with their honesty. Every time I install a plugin or an app I get socked in the face with a worst case scenario (which turns into a ‘the sky is falling’ experience over time, the warnings lose all meaning).

  2. Why do people use Facebook?  To me, it is equivalent to AOL.  They have a walled garden and a bunch of junky, cheap entertainment choices.  But they’re missing out on the rest of the web.

    1. The reasons for using Facebook are obvious and quite simply, there is no other viable option that doesn’t mine your data.

      >They have a walled garden and a bunch of junky, cheap entertainment choices.

      For the first time I went to Facebook in over a year and it was to watch a terrific short film series called ‘The Beauty Inside’. So, yes, Facebook does have some high quality content though it may be largely surrounded by garbage.

      Facebook has done some good. The problem is that the company is more interested in making money rather than building something they can be proud of and lasts. The core issue is poor leadership.

    2. Who goes on Facebook for entertainment choices?  I don’t.  Its a convenient place to share (or overshare) things with friends and family, that’s about it.

    3. Good lord, I feel the need to rant. Facebook is wonderful for people who don’t give a flying fuck about privacy and want to share their lives with the world in an organized chronological fashion. The trade off of being marketed to in return for being able to easily share stuff is well worth it to me.

      I worry that Facebook is not gonna be able to stay in business with their current model, because they suck at targeted advertising, there’s never anything interesting for me to click on like Gmail has. I propose they offer a service where you pay them a small amount a year during your life in return for a guarantee that they will NEVER delete your data. I have several dead friends now where the facebook data they left behind is a wonderful way (in fact, the only way) to remember their lives.

      I’d pay $25 a year for that privelege.

      1. “because they suck at targeted advertising” Do they ever. Unless I secretly want to move to Oregon. Then again I try to wall off Facebook in its own browser that I use for nothing else, maybe its strange attempts to market Oregon to me are some sort of desperate pleas “We don’t know much about you, How about moving to Oregon! Come on give us something to work with.”

        1. Doesn’t Facebook base it’s ads on content from within Facebook anyway? Not sure if there’s any benefit at all to running it in an isolated environment.

      2. I’d pay $25 a year for that privelege

        Which is perfectly reasonable. The problem is, from Facebook’s standpoint–and I am not in any way defending this kind of thing–they need much more than that. I can’t lay my hands on the numbers that were being thrown around during the IPO frenzy, but their business model depends on some pretty damn impressive monetization of each user. None of which, of course, comes from the user right now, and none of which ever can now. The moment you hear about “Facebook Premium,” it’s probably in territory. It’s so much easier and more profitable just to sell your personal information. And as for your concern about data security, it’s so much easier just to say, “yeah, it’ll probably be fine, don’t worry.”

        With anything else, of course, you could say, “screw that, I’ll pay for a little privacy (or data storage, etc.)” But you can’t, because no such competitor exists, because your 200 “friends” don’t feel the same way. So my suggestion–which it’s now probably too late to implement without bankrupting Facebook–was to treat this as a monopoly/utility situation and force interoperability between social networks. In other words, maybe doesn’t have Farmville or Timeline or “Like” buttons, but I could still see my friends’ posts.

        Oh well!

        EDIT: More directly addressing your point, z7q2, there is a means by which you can have Facebook send you all your posts, etc., to date. I’ve done it myself. (That is, you can have them send you in one file all the stuff that you’d see if you scrolled back manually. They will not send you everything they have on you.) You could download that once a month and archive it separately.

        As for monopolies, it’s an interesting question. I’m sure it’s not a legal monopoly, not even if we were working with monopoly laws updated for the 21st century. And who knows, maybe a free market or just-plain-free solution will arise that will erode FB’s market share to something less than 99%.

        Finally, I put my “friends” in quotes because that’s what Facebook calls them, but it doesn’t completely overlap with who I’d call a friend in other contexts. It’s not bias against social networking, friend. ;)

        1. Well, I do pay for my own domain and website hosting that I can configure as I please. But getting traffic to it involves self-promotional work that I have to go on places like Facebook to do anyway. It’s handy for hosting some of my original work, but who’s gonna pay that bill when I’ve shuffled off this mortal coil?

          I’ve been on FB for years, filling it with original content, and things like game requests that people bitch endlessly about are easily blocked forever with a single click. So I don’t get the rage about the games on there. Sounds suspiciouly like people who would rather complain about spam because they’re too lazy to click delete.

          Also, putting friends in quotes shows an interesting bias against the whole concept of social networking. You certainly don’t have to participate if you don’t want to, which also makes the concept of Facebook as monopoly laughable on it’s face. That dude that posited on Slate that Facebook should be nationalized scares me more than Facebook trying to make a bit of cash off hosting my life story for me.

    4. Keeping up with what my friends are up to, who’s out where. Sharing life’s little ups and downs. You know, “social networking”.
      In that way, yes it is a walled garden. It doesn’t integrate with any other social networks. Can you tell me any other social networking tool that integrates any other social networks. And if you can, I bet one of those “other networks” is Facebook, proving that it’s not a walled garden and if you can’t, it shows there are no other platforms that aren’t walled gardens.
      I’d look, but I really can’t be bothered because I don’t know anyone who uses any other platform than Facebook so have no need for another network right now.

    5.  I use it only because my family does. I don’t use apps, I put as little information as possible in my profile, I make the profile as private as the options allow, and I very rarely post anything or even make comments. For me, it’s purely to keep tabs on family and friends who don’t seem to care about the privacy issues, because there really is no other service that will let me do that. Even with all that, I’m still considering deleting my account, but if I did, I’d miss out on a lot of information that’s relevant to me.

    6. Because what’s the alternative, really? It’s still the best at what it does, even if it’s not very good.

    7. Thanks for all the thoughtful replies to my comment.  

      I think the AOL comparison is somewhat appropriate, given that it was one of the first social networks.  I know some older people who still have all their friends on AOL, and their instant messaging was a breakthrough in communication.

      I believe, however, that Facebook will end up like AOL.  The World Wide Web, broadband internet, and free email made AOL obsolete.  I wonder if Facebook will be killed by a pervasive technology; if it is, what will that technology be?

    8. What else am I going to use? Diaspora? Yeah right, in a perfect world where people care about their privacy and where a good number of people I actually knew were using those alternatives.

      Also, keep in mind that most people conceptualize the internet not as an abstract set of potential uses based on certain technologies – they experiences it as a series of brands: Facebook, Twitter, YouTube, Google Search, GMail, Flickr, Google Maps, the Apple iTunes Music/App Store, etc. Try telling them that they should try an alternative service that is more respectful of their privacy and ownership of their personal data but that has like 10.000 times fewer users/content or that they have to pay a premium for – they’re not going to sign up.

    9. One thing I don’t see people mentioning…they say Facebook is for keeping up with friends. For me, it’s for keeping up with events. While I still scan other places online for information, Facebook is now the best place to find interesting local happenings ahead of time. If an institution I am interested in has a FB account, I will follow them, it’s worth it.

      Also, yes, local advertising. FB makes gossip and news spread like wildfire. If 35 of my friends like a post I made about the work I do, all of their friends will see it, potentially.
      I actually rely on most of my FB information being public. I want people to be able to find and contact me, and associate me with the projects I do. Needless to say, I try not to post anything too personal or embarrassing.

  3. I’ve never used a FB app because I can’t be bothered to investigate and defend my risk exposure.  But I use FB a lot because a lot of people I want to keep tabs on are ‘there’.  And I put as little personal info on there as possible.  Data leaks are impossible to mop up once they happen.

    1. I have only a token account without personal connections, for use in cases that demand FB login.

      However, I’m under no illusion that cross-referenced data profiles don’t pinpoint me like a fin-tagged dolphin everywhere I swim in the ocean of big data.

  4. “Quite a lot of info for a 20×10 pixel …”
    You’ve missed the point. That information is the PUBLIC information so the app could grab it even if you never use it, never click any buttons or interact with any apps in any way. This is the equivalent of the “hot drinks may be hot” and peanuts bearing “may contain peanuts” labels.
    i.e. Freaking pointless and not really required to be there at all.
    They’re not “hiding” it, they just aren’t bothering to have big flashy in your face reminders about things you *REALLY* should already realise.

    1. Isn’t it really about the ‘slippery slope’ effect here, though? Once the masses have become comfortable downloading/running apps that access personal data, the bar gets moved. First, there were clear notifications about data apps would mine; now, those same notifications are stashed out of sight + offscreen, unless moused-over… (is that proper declension of that verb, BTW?)

      …pretty sneaky, sis…

    2. ” It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard’.”

      Thank you Douglas Adams.

  5. “There’s no “give up some of your privacy to play Angry Birds” offer, or “here’s a game that’s 95% as fun as Angry Birds but requires that you only yield up the most trivial facts of your life to play it” that we can test the market against.”

    This actually surprises me. I’d expect facebook to be really into A/B testing.

  6. The last paragraph mentions rewarding people for using privacy-stealing apps. I’ve started calling out my FB friends on that behavior.

  7. The key to minimizing FB distribution of your data is to turn off FB Platform entirely.

    go to Privacy Settings > Ads, Apps & Websites > Apps You Use and turn platform OFF.

    you’ll see this:
    “You have turned platform off. This means you can’t use the Facebook integrations on third party apps or websites. If you want to use these apps and websites with Facebook, turn Platform back on.Turning Platform back on resets related settings (such as your “How people bring your info to apps they use” setting) and allows Facebook to receive information about your use of third party apps and websites”.

    Sadly, it does little about friends with platform ON leaking data you’ve shared with them, so you’ll have to choose friends wisely and educate them a little, but since when is that news?

    finally, database poisoning. I gave FB an incorrect address, birthdate and hometown, no work info whatever, and in a fit of wishful thinking, i apparently am posting from Papeete. makes the sidebar ads more interesting, too.

  8. @Rob: That stood out to me as well. As far as I can tell, the only thing Facebook offers as a gaming platform is easy way to access “play by e-mail”-compatible games like scrabble and pictionary with your friends.

    But if you are looking for a single player experience, the stable of Facebook games is mirrored on the larger web. There are many free flash games that have identical “break the building” gameplay as Angry Birds. I just browsed a few “Top Facebook Games” posts and didn’t see any genre or game mechanic that was exclusive to Facebook.

    1. >There are many free flash games that have identical “break the building” gameplay as Angry Birds. 

      Any specific examples, apart from Crash the Castle?

  9. I wonder how long it will be before the “I’m going to completely ignore all research into human congnition and behavioral economics because, while it may apply to the sheep who deserve to be exploited by Randian Ubermenchen such as myself, my own rationality is obviously(by introspection, of course…) immune to any such effects!” brigade parachutes in to fulfill the balance of the internet?

    1. I think that Who is John Galt? ad has been siphoning most of them away. After that we should throw in some links to blogs about alloys.

      1. Alloy? Alloy? Someone mentioned alloys? Oh my dog, I have such a great alloy idea, and once the government gets out of my way I will make it and I will make everyone soooo sorry when I leave and take my alloy with me.

  10. Back when I had a Facebook account I had the very strong suspicion that they designed the interface to deliberately confuse new users as a way to pull them in. A new user who flails around posting desperate questions in awkward places provoke responses from their “friends” list. “Oh, hey! Look at all these people communicating with me!” and suddenly you’re hooked.

    Zuckerberg may not come across as the most subtle person on the planet, but I think he has the shrewdness of Steve Jobs combined with a Bond Villain-like ruthlessness and disregard for humans.

  11. A good column about the format camouflage used to get users to ignore the permissions they give, but in fairness, as I read the two examples (unfortunately for different apps) I found the new one a) more detailed, and b) more limiting, in the sense of not using imprecise open ended verbiage like “Includes”, and “and more”.  Assuming I do carefully read the “New” design, through the pretty graphics and layout, I will have a much clearer idea of exactly what I’m permitting, and more importantly what I am not permitting, than under the “Old” one. The vague, open-ended terminology of the “Old” example is a greater threat to personal privacy online than the button camouflage, given that the user probably wants the app and is likely to give the permission no matter how it is presented.

    1. Sure, so why not assume that likelihood in advance and put the information that they would use to make that decision underneath an inscrutable tiny light-gray-on-white icon.

  12. There’s a privacy setting on Facebook where you can block all app requests from certain users – just put all your friends there and voilà you’re done. If it takes a lot of time, well, that’s your punishment for having a lot of people on Facebook who aren’t actually your friends.

  13. Step 1- Link opens window that requires you to “App Up” in order to go to it.

    Step 2- Close window.

    Privacy issue solved.

  14. Thoughtful people could actually be GRATEFUL for this intrusiveness and shady behavior–consider Facebook to be the training wheels for every credit card or private student loan agreement you enter in. If you’re trained by Facebook’s shenanigans, you’re probably ready to read AND understand the fine print on that 21% APR credit card offer.

    1. Wish that were true…. But I think the vast majority of folks are not thinking that critically about FB, either because they know what the consequences could be or because they really don’t care or think it’s a problem.  I think you also have to consider how FB’s success is/has led other corporations into similar configurations – “well, FB and the apps on FB can get away with this, and so can we.”  So, in the end, I’m not sure people are getting trained in shenanigans (meaning learning to look out for such things and be savvier online) as much as they are being trained into accepting them as the inevitability of having an online presence.   And I think the point worth taking away might be that this is having intended and intended consequences for all of us, even if we are clever enough to avoid this sort of thing.

  15. It’s an interesting point Cory. Everyone makes this fuss about privacy and Facebook but the two rarely go hand in hand. People on Facebook generally seem to just share EVERYTHING. I don’t use Facebook or Twitter because I’m a private person. I don’t want to share everything with people. Unless they’re right in front of me and we’re having a conversation. It’s just the way I’m wired.

    So why all the fuss?

  16. Facebook gets vilified a lot, but they actually have really good, granular permissions, or a big switch you can hit to make everything visible only to your friends. I wouldn’t post much that is truly private there, but they’re honestly pretty good with granular sharing controls (they had the concept of sharing with specific lists of people before Google+ turned up), they have an increasingly good design/UX team, and it’s where everyone else is.

    Also, when it comes to this particular thing, the app is getting access to your publicly available information – the things that can’t be made private. I don’t think the information it’s asking for is a big deal.

  17. I just don’t post anything on FB I wouldn’t say in front of strangers in a public place. It is a public place. I think we all have to start thinking of the internet that way even when we are home alone in our underwear. 

    1. Better yet, close your account and run away screaming, praying all the time that they have deleted you (knowing full well that this is a pipe dream).

  18. Any thoughts on the fact that the little pop-up is not accessible? If you use Voiceover and go over it it just says ‘link’….so blind people don’t get a proper warning. (command f5 on macs, check it out)

  19. Jeremy Jones clicked the checkbox, unclicked it, clicked it again. There was no reason on God’s green earth to share his predilection for monkey porn with anyone but, there really wasn’t. But. Mega Dump Truck II, Return of Mega Dump Truck! He could practically feel the dirt cascading off his rounded shoulders. 

    Little did he know: each click was a submit, each moment of indecision transmitted to the Mega Dump Truck team. The whole of it broadcast on a live wire with the A/V stream from the camera he’d already authorized in the unread EULA for Mega Dump Truck. His indecisive finger-sweat sucked up by the cushy keyboard, analyzed within the free-with-gas-purchase KP Lovinger laptop, sent to RainForest FoodShip with nutritional information (salt, electrolytes, blood sugar) and to every employer within a 500 mile radius who’d integrated the new Workforce Audit package (free trial, just click this checkbox!) into their desktop data delivery feed.

    By the time Jeremy clicked Submit, he was unemployable in three states and a case of baby spinach was already on the way.

    On the plus side, Mega Dump Truck II was *awesome.*

  20. I solved all my Facebook privacy issues by adding the line

    to my hosts file. :)

  21. It’s not a trick at all. Calling the permissions description a trick is not understanding the power the minimum privileges give app developers.

    I’ve developed Facebook apps. The first thing I did was see what you could do with the bare minimum access – and it’s a lot.

    For starters, if you allow an app I made with basic access then I could start spamming your wall as if I were you. They actually give you that power. The only restriction you will ever meet is someone reporting your app as spammy or evil – by then the damage is already done.

    Accessing anything more than basic permissions is pretty much unnecessary, and you should be wary of any app that does so. You should also avoid installing any apps from companies you don’t trust. Deleting them won’t help – they’ve already got the data and can compare it against any of your friends to fill in the blanks.

Comments are closed.