Privacy Violations By Default

Something that makes me feel angry lately is when apps enable settings that violate your privacy. A lot of the time, it’s enabled by default, which is all sorts of infuriating.

Discoverable by email or phone number

Most visible to me at the moment are options that encourage discoverability via personal contact information such as your email or phone number.

Example: allow anyone to find your account on x service if they have your email address.

I feel strongly about this because I view it as a privacy violation. I think that no one should be able to glean information about the services that you use based on having your personal, but not private, information (such as your email or phone number). I think enabling this kind of discoverability is a risky action that should be preceded by a warning, because it can have unintended, irreversible consequences.

Now, I consider this kind of feature to be risky because:

  1. There are so many people who could have your phone number saved in so many different contexts.
  2. Most (arguably, all?) apps have intended audiences for you to connect with (friends, professional colleagues) rather than literally everyone under the sun.

Literally anyone could have your phone number

Innocuously:

  • Your parents
  • Your distant relatives
  • The person on Craigslist that you bought a thing from that one time
  • Your landlord
  • Your classmates
  • Your coworkers
  • Your exes
  • People you briefly dated

And then, more seriously: stalkers, abusers, creeps, and other people you don’t want contact with who might have your contact info, whether or not you gave it to them, and who are then able to find your accounts.


Example: Discord

Here’s a specific example. Last year, I had this modal pop up on my Discord app:

Discord modal on iOS advertising a 'Find your friends' feature. The checkbox 'Allow contacts to add me' is checked, and smaller text explains how someone can add you if they have your phone number saved to their contacts. Below is a purple Get Started button.
hate it

A number of things about this modal annoyed me:

  1. The checkbox was pre-checked. That’s not what opting in is! This also increases the chance of accidentally accepting this feature.
  2. There was no visible ‘no’ button, and I had to dismiss this by swiping down the modal. I later learned that there should have been a no button below the Get Started button, but it wasn’t visible on my phone because the design failed to consider smaller screen sizes.
  3. The text explaining what this setting enables is quite small, compared to the flashy headline and hero image. Because I consider this a risky feature, I think this is a poor hierarchy of information. The details about the setting should be more prominent.
  4. I had seen and dismissed this modal before.

Discord is for friends; not everyone is your friend

Not everyone is your friend. How you present yourself to your friends (and even, among different groups of friends) is different from how you present yourself to your family, or your colleagues, or the random people in your orbit that you meet once or twice.

Discord is a platform specifically catered towards communities and social groups. On a spectrum of Universal Real Me to Specific Persona Me of social networks, I consider Discord to be on the latter end of it, opposite of networks like Facebook or LinkedIn. It’s also what I consider to be a closed network; i.e. you can’t just find someone’s Discord profile by googling them, the way you can for a Twitter or LinkedIn account.

This means that how people present themselves on Discord, through their name, avatar, banner, bio, and linked social accounts, may not be how they present themselves to people they know in more formal or fleeting contexts.

Abuse

More seriously, this has heavier implications for harassment and abuse. A bad actor could find you if they have your contact info, which is something you can’t fully control.

You could argue that, if someone was concerned about this, they can simply not opt into this feature. My issue is that this side effect is not obvious. The modal prompts you about ‘finding your friends’, which sounds great! You may not realize that among your phone contacts are people who are not your friends, and by extension, people who have your phone number may also not be your friends.

Since I think of this as a risky action, I think it needs to come with warning labels that accompany other risky things, like deletion. Are you sure you want to allow anyone with your phone number to connect with you?

This sounds like shit for growth purposes, which is bad for the company, so it wouldn’t actually fly, but this is really how I think of the feature. Are you sure you want to do this? Have you considered the risks? Do you really want your plumber, landlord, and ex from five years ago to be able to find your account? Please confirm your choice.


In response

To their credit, Discord passed along this feedback to their product team when I vented about it on Twitter, and informed me that this modal shouldn’t have shown up again after I dismissed it the first time.

A product manager provided additional context:

Tweet that says 'So no one can be found on Discord by default. What’s being asked is 'do you want to find your friends? Also do you want them to find you?' Neither are saved or enabled until you complete these flows. We took a privacy minded approach up front.'
further context

(Note: I don’t want to revive this conversation so I am not directly linking the source.)

  • ‘So no one can be found on Discord by default.’ I think this is excellent, no notes. That is as it should be.
  • My issue is that I don’t think the answer to ‘do you want to find your friends? Also do you want them to find you?’ lies in your phone number or email, given their universality versus the specific nature of who is a desired Discord contact.
  • ‘Neither are saved or enabled until you complete these flows.’ If there’s an entire flow, with multiple steps, following the ‘Get Started’ button, then I need not be concerned about accidentally opting into this. However, I assumed that this was something that would get switched on with the single Get Started confirmation, because I view this as an engagement/growth effort, where the friction of multiple steps would be avoided by design. My personal trust in tech companies is very low, so I assume the worst.

I don’t think anyone had malicious intentions with this, but more so it’s a byproduct of a wider culture (not specific to Discord) that prioritizes growth over privacy and safety.


What is the solution to this? How do I find my friends who I would want to be Discord contacts with, without opening myself up to everyone else? I don’t know. This is an overarching problem I have everywhere and no solution for—how to hide myself from certain audiences while being visible to others, and how this varies from platform to platform. Maybe there is no solution; maybe this is fundamentally at odds with the nature of being online, unconstrained by physical space. In any case, I am dissatisfied with the current state of affairs.


Twitter

Twitter does this too, upon signup; unfortunately, it’s more insidious than Discord because it buries it in tiny text and a second screen.

Twitter, in my opinion, is all sorts of infuriating in growth-hacky, algorithm-obsessive ways, so this isn’t surprising.


Instagram

Anyone can take new public Instagram photos and turn them into a Reel (The Verge, July 2022).

Slack

I don’t use Slack much, so I’m unfamiliar with how it works on the structural level—like how you need a different “account” for every “workspace” and the like.

I was poking around in the settings and found this:

Once again, I think you should not be discoverable by default by your email address.

DeviantArt

(AI art stuff)

https://twitter.com/arvalis/status/1591242450055892992

UPDATE All Deviations Are Opted Out of AI Datasets


By default

I think it would be nice if companies reconsidered the idea that everyone wants to engage and grow on social networks all the time.


There is a related discussion about how public does not mean public on a macro scale; i.e. just because I post something that is technically public and viewable by anyone in the world doesn’t mean that I would be okay with it actually being viewed by everyone in the world. I shitpost on Twitter, where anyone can read it, but that doesn’t mean I want my parents, or people I went to high school with, or my landlord, etc. etc. to read it. In fact, I would say I don’t want them to, and they should never accidentally find me.

Social media at scale, mobs, unintended audiences, context collapse, etc. etc.: topics to be explored another day.