Facebook (Probably) Didn’t Expose Your Private Messages. It Just Made a UI Mistake.

Most folks have probably seen some blog post or story warning them that Facebook has exposed their private messages from 2010 and before on their public timeline, which Facebook denies of course. And Facebook is (probably) right — what you’re really seeing are old wall posts that you thought were private. That’s not much solace to some Facebook users though, who — based on the message content — insist that the messages *must* have been private.

Here’s what I think really happened.

Facebook used to have a wall-to-wall feature, which showed the wall posts between you and your friend in a back-and-forth conversation format. It looked sort of like this. Or this. Because this layout looks very similar to how messages work in Facebook, people treated wall-to-wall the same way they treat private messaging. But as the name suggests, wall-to-wall posts actually go on your (very public) wall. The wall-to-wall feature was removed in late 2010. Coincidentally, people are only reporting private messages on their timeline for 2010 and earlier.

That’s not to say there hasn’t be a privacy snafu. There absolutely is. Regardless of whether they’re wall posts or PMs, old embarrassing messages on your Timeline are still embarrassing. And if that bothers you, you should hide them.

But the cause of this privacy breach isn’t some Facebook engineer inadvertently flipping the privacy bit in the FB database. It’s really a UI / design problem, or more specifically, a divergence between Facebook’s model of users behave and the user’s mental model of how Facebook behaves. Two divergences really.

The first is the aforementioned wall-to-wall issue. From Facebook’s perspective, two users were posting on each other’s public walls. But from the user’s standpoint, based on the visual cues presented to them, they were engaging in a private conversation.

The second is Timeine itself. Timeline exposes old, possibly-private and sensitive information. Again, this is because of a divergence between mental models. For Facebook, the question of whether something is public is a binary decision. When the server receives a request for some particular information, it either provides it or it doesn’t.

But for many Facebook users, public really means accessible. And accessibility isn’t quite so binary. Prior to Timeline, sifting through old messages was time-consuming and difficult (it still is in a way). So by the time an old wall post was buried several months in the past, it may still have been public (as Facebook understood it), but it was relatively inaccessible. Timeline changed the accessibility of old information, and combined with the earlier wall-to-wall issue, we ended up with a huge chunk of Facebook users thinking their private messages were exposed (and in a way, they were).

Some final takeaways / questions:

Don’t trust your memory. When it comes to technology, what matters is what the technology thinks is true, not what you remember as true. As the Wall-to-Wall issue shows, poor UI design can affect how people perceive things are happening on the backend. In this case, if you still think there’s a PM on your timeline, the easiest way to verify this is to cross-reference it against your email archives (if you have your email archived that far back and you had e-mail notifications turned on). Until recently, Facebook would send a separate e-mail for wall posts and private messages. If it’s a private message, the e-mail will say so. And you should notify Facebook, because that’s a huge $#@&-up.

Privacy is often a design problem. Same with security. Or really anything else whether the error exists between keyboard and chair.

How do you resolve old UI mistakes? Facebook was almost certainly aware that many wall posts were intended to be private, despite being marked public. But because of the mis-marking, there’s no easy way to identify what user intent actually was for many of these messages. So what’s the proper response? This actually reminds me of the 2000 election in which many Gore voters likely inadvertently voted for Buchanan. But at least some of those Buchanan voters actually intended to vote for Buchanan, and there’s no easy way to tell who intended what, short of a re-vote. So what’s the fair thing to do here?

How do you roll out new paradigms with old data? Start-ups are all about rapid growth and change. Lots of iterations. The occasional pivot. The problem is this can look a lot like a bait-and-switch. Users may provide a company private information based on implicit assumptions on how that data is being used. And indeed, the company may share those assumptions, at least initially. But start-ups often to change course. Sometimes those changes may seem slight from the start-up’s perspective but strongly conflict with the user’s assumptions about how the data is handled. In such case, what’s the best way for a start-up to handle that?


Tort Bunnies is Now Accessible to the Blind

Tort Bunnies is now accessible to the visually impaired and anyone else using a screen reader, or at very least, a little less annoying to navigate than before. For those not in the know, the blind can use software that reads web-content aloud to navigate the web. Naturally, this breaks down with certain graphical elements, like web-comic images. I’ve had transcripts of all the comics hidden on the site for a while now for search engines to index, but they weren’t all that inviting to people using screen readers. Some issues that I’ve fixed:

  • The transcript used to include things like “—–” to separate panels of the comic. Screen-readers, however, read this as “dash dash dash dash dash,” which I imagine gets really annoying over time. That’s been replaced with the phrase “next panel.”
  • The transcripts were not clearly marked, and in order to get there, a screen reader would have to jump past the image, notes, and all sorts of markup before getting to the transcript. There is a now a hidden link near the beginning of the page that allows screen-readers to jump straight to the transcript.
  • The alt text and title text were mixed up. They’re separated now.

There are still minor things here and there that might annoy people using screen-readers of course. For example, I use the « and » symbols in a few places as “arrows” pointing left and right. Some screen readers will not read them as arrows however, but as “left double angle bracket” and “right double angle bracket.” I know that might be annoying, but I’m fan of how they look and given that they’re frequently used (see, e.g., Gmail), I think the burden here should actually be on the makers of screen-readers to come up a better textual description of that symbol.
Continue reading “Tort Bunnies is Now Accessible to the Blind”