A lunchtime musing: As folks know, I’ve been closely following the debate about Facebook Connect and Livejournal. If you read through the volumnious discussion on news, you’ll see that the common cry is for an “opt out”. In general—and this is a call that’s been going on since the days of brad, long before the purchase by SixApart—the call is that users should be able to opt out of any new features. Some want this because they don’t like change at all, and some fear the privacy or publicity risks. A lot of folks don’t understand why LJ doesn’t implement the “opt out”s—it seems so intuitively simple for them.
However, it isn’t, and that’s what I’d like to discuss here. When can you provide too many options? When can too many choices lead to bad security choices?
Let’s look at some examples. A number of folks are running over to Dreamwidth. Dreamwidth has tried to keep the good and eliminate the bad from LJ. An example of this are friends list, which in LJ conflate the notions of who you read with who can read your private posts. Dreamwidth separates these, and thus when you look at a profile, you see the following (and this is just for users):
Open Mutual Access
Open Also Access To
Open Also Access From
Open Mutual Subscriptions
Open Also Subscribed To
Open Also Subscribed From
For communities, you have:
Open Member Of
Open Subscriptions
Open Posting Access
I’ll argue this is confusing, and where there is confusion, there is more chance of having access errors occur. The “Friendlist” approach, while flawed, is much easier to understand. Facebook actually learned this a while back. Their privacy controls (which they do have) were actually too fined grained and too hard to understand, which forced them to simplify their privacy controls. This is a trend: Google is simplifying their privacy policies as well, going for understandability over complete control. Folks may remember that even LJ did this a while back, simplifying and reorganizing their settings pages to make things easier to modify and control.
This, then, could be the reason why LJ doesn’t add an opt-out with every new feature. Over time, the opt-out space would get far too confusing. There needs to be intelligent choice in what opt-outs are provided, and how they are grouped so that they can be understood and used. Designing this right takes time, and this could be why they just don’t add the opt-out immediately in this particular case. One might argue that the features shouldn’t be implemented until the control design is done, but when have you known any commercial company to delay implementing a feature because of security :-).
I hope that, with respect to this feature, that LJ figures out the right way to control the LJ/Facebook interaction. Personally, I don’t believe the answer is an “opt out”. Rather, I think the answer is a posting level between Public and Friends-Only that I’ll call “LJ only”. This posting level would prohibit redistribution off of LJ, via the ShareThis or Facebook Connect features for either the post or comments. It would also treat non-LJ users as anonymous users for the point of view of commenting restrictions (currently, FB and OpenID users—including Dreamwidth users—are viewed as registered users, not-anonymous). LJ-Only posts would otherwise be public—they would be visible to anonymous users as well as FB Connect/OpenID users.
What are your thoughts on this question?
