In the past year, concern over privacy online has increased exponentially. But unfortunately, that doesn’t mean Internet users are making themselves (ourselves) more secure. Instead, most users appear to have ignored security issues, while panicking over privacy concerns. For example, I’ve met people who zealously check their Facebook privacy settings, and yet use the same password for all of their bank accounts, email accounts, and web apps. I’ve seen otherwise intelligent people click unknown links and download unknown apps, all the while priding themselves on staying away from social media. None of this would matter, except that the misinterpretation of “privacy” meaning “security” may result in users leaving themselves open to security threats.
In short, Gotham city believes they’re safe, but it’s up to us in the UX world to keep them secure.
Privacy is an issue – I’m not disputing that. Users want reassurances that the sites they are visiting won’t sell their email addresses to spambots, share their 21st birthday photos with their boss, or let strangers know when they’re away on vacation. To some extent, this bleeds into security – no one purposely uses a password that might give a stranger access to Facebook or an untrustworthy friend access to their emails.
Best practices around privacy settings are complex and interesting, because privacy is about two things:
- Creating an aura of safety
- Saving users from their own stupidity
We can accomplish both with one modal window that asks “are you sure you want to send/post/share this?” or we can incorporate “privacy settings” and “undo” buttons and all sorts of other filters and reminders that we’re looking out for our community. There are numerous best practices around privacy settings – because at its heart, providing a sense of privacy is about building trust.
On the other hand, actual security isn’t about trust.
Set Up Secure Systems
Mary Higgins Clark writes murder mysteries. In her stories, there are often two prospective love interests. One is awkward and suspicious, the other charming and trustworthy. Ultimately [SPOILER ALERT] the charming and trustworthy man turns out to be a murderer, where the awkward and suspicious-seeming man is good at heart, reliable, and there to save the day.
Unfortunately, like the two love interests, our websites will be judged by how charming and trustworthy we appear, and not necessarily by how secure we actually are. But ultimately, if we are charming yet unsecured, we will get hacked, and users will leave. If we are suspicious yet secure, however, users won’t stick around long enough to find out how trustworthy we really are. There are far too many other potential suitors courting our prospective audience.
So how can we ensure that users feel safe in spite of all the hackers out there?
We focus on ensuring their privacy. We build their trust. And we don’t skimp in simultaneously building secure programs, protected to the best of our abilities.
Read more about internet security and privacy:
- Google’s Advanced Email Security Can’t Protect Users From Their Own Stupidity
- Privacy vs. Security: The Important Difference
- Can Hackers Destroy the Internet?