Place opt-outs out of the way and obfuscate.
- The path of least resistance through Facebook’s privacy options is to never visit the privacy settings page, and instead just accept these defaults. But that leads to some interesting “openness” issues. The default overall privacy setting makes information available to everyone; ads default to social ads; third-party advertising is allowed; third-party websites get data about you to allow instant personalization; and your timeline is visible in public searches.
Place the options far away from people’s regularly trafficked desire lines.
How to use this pattern
- Remove any talk of opt-out activities from actual transactional points. Instead create a separate location (a “privacy center”) where you can obscure the true activities with general statements.
- If you are caught doing bad things with user data, apologize profusely and then add more check boxes, explanations, and options to your privacy center, so it’s even harder to divine the correct settings.
- Obfuscate. Make it too effortful to actually understand the points in the privacy statement by hiding them in legalese and convoluted options. As long as you have sufficient user trust (or sufficient utility) users will assume that you can’t be doing anything too bad with their data.