Better design is needed right away
Facebook has made a major mess of privacy settings by setting and resetting users’ default settings, hoping users will read prompts that instruct them to make changes. Meanwhile, consumers download apps without reading the terms of service or even which permissions are being requested, leading to a rise in malware, especially on Android devices (which are more vulnerable than iPhones given the open source community that allows any app in the App Market until it is reported or discovered as dangerous).
Why do consumers have to go through so much? Why is there so much guesswork involved in using software and even something as simple as a social network, and why is there an assumption that consumers will ever even look at their settings? Even many geeks in the tech sector don’t know about or understand the settings of the various tools they use, so how could a layperson ever understand?
A study this fall featured on User Interface Engineering (UIE) revealed that 95 percent of all MS Word users do not change their default settings. While Word users are not vulnerable in the way a service like Facebook is, there is a blatantly obvious problem – if consumers don’t look at the settings of something as old and simplistic and well understood as Word, how can developers possibly expect a consumer to dive into the confusion of application permissions or Facebook privacy settings? Word has been around forever and people get it, and even then consumers don’t read prompts, don’t change settings and are just plain busy (or lazy as some user experience (UX) experts will opine).
Why settings are critical
The UIE study is being used in tech circles to note that settings aren’t important and that features can be limited, but I would argue that it has less to do with how many features are offered and more to do with what the default settings are and how obvious it is to a user that they even have options they can change should they desire.
Facebook has failed miserably at this by offering deeply confusing settings buried three or four clicks away that have changed several times over the years. Rather than leave account holders on what equates to factory settings, Facebook goes in and changes all settings to its new default settings, leaving consumers vulnerable. For example, I am very protective of my cell phone number, yet when I checked my Facebook settings earlier this year, I discovered that my cell phone number, which I had changed to be invisible, was actually on my profile. I use Facebook every day, I have covered Facebook trends and stories for years, I’ve been on Facebook for a long time, and I have a Google Calendar reminder to myself to check my privacy settings every quarter, so let’s just say that I personally understand Facebook privacy settings, and I was seeing red when I discovered my cell number was public.
It’s not just Facebook, it’s all technologies today that assume consumers will tweak settings and that the number of features is relevant – they won’t touch the settings, and in 15 years, when the technologies have aged and matured, even then they won’t edit settings. Developers (we’re looking at you, Facebook), please design products in a way that doesn’t require settings changes, and please, whatever you do, don’t change the default settings repeatedly, because consumers will not alter settings, and leaving our personal information vulnerable is absolutely unacceptable.
Lani is the COO and News Director at The American Genius, has co-authored a book, co-founded BASHH, Austin Digital Jobs, Remote Digital Jobs, and is a seasoned business writer and editorialist with a penchant for the irreverent.

Matthew Hardy
November 30, 2011 at 5:42 pm
> so much guesswork involved in using software and even something as simple as a social network
Just a correction, from my view, web services are not "software" in the classical sense. Software refers to applications that are installed within an operating system. Web services are rendered or interpreted by a browser (or mobile app designed to do the same).
> While Word users are not vulnerable in the way a service like Facebook… something as old and simplistic and well understood as Word… permissions or Facebook privacy settings
Microsoft Word does not require an internet connection to function because it resides on a user's hard drive. A Word user will never be vulnerable in the way a Facebook user is because Word is not a shared app — Word is used one-user-at-a-time, and not as a massive shared, public system like Facebook.
Nor is Word "simplistic" — it has a much larger feature set than Facebook probably ever will. As for permission and privacy settings, these are not germane to a software application like Word; they aren't required. A Word *file* might be encrypted or password-protected, but not the app itself.
> more to do with what the default settings are and how obvious it is to a user that they even have options
This has *everything* to do with identifying who the actual customer is. In the case of most software applications, default settings are designed to get the new user off on the right foot; i.e. making the app feel useful without requiring a setting change they would not, in most cases, be familiar with. Software publishers take great pains to leave intact users' settings from previous versions when an update is applied.
As for a web service like Facebook, the actual customer is the advertiser who pays Facebook. Default settings become a tactic employed to maximize the value of users' data being sold to the customers — advertisers. Changing or reverting users' settings to be more complementary to FB's business goals may be annoying, but you can bet the analysis FB makes is driven by how far they can push that envelope compared to losing users.
> Facebook has failed miserably at this by offering deeply confusing settings buried three or four clicks away that have changed several times
Again, this is by design. Facebook, Google and others could make all of this *massively* more simple, but they don't want to. Remember: you are being watched (algorithmically, at least) by these "free" online services constantly, and only, to create value for the service.
> It’s not just Facebook, it’s all technologies
Not quite true. There are lots of ways to use technology today that don't require succumbing to the offenses you discuss. It starts with understanding the differences between software and web services and between private and public systems.
> please, whatever you do, don’t change the default settings repeatedly
You can say "pretty please with sugar on top" and you'll never get your wish.
> leaving our personal information vulnerable
And *that* is exactly what Facebook is in business for. Why else would they do this?