💾 Archived View for gmi.noulin.net › mobileNews › 6013.gmi captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-12-03)

➡️ Next capture (2023-01-29)

-=-=-=-=-=-=-

How Facebook Uses Empathy to Keep User Data Safe

Melissa Luu-Van

April 28, 2016

Online security often focuses on technical details software, hardware,

vulnerabilities, and the like. But effective security is driven as much by

people as it is by technology. After all, the point is to protect the

consumers, employees, and partners who use our products.

The ways those people interact with technology and each other can completely

change the effectiveness of your security strategy. So security products and

tools must take into account the human context of the problems they re solving

and that requires empathy.

At Facebook, empathy helps us create solutions that work because they re

designed around our users experiences and well-being. Specifically, we see

three ways to include make security efforts more empathetic:

Consumer-driven goals that are actionable and specific

By researching the cultural and physical contexts in which people use your

products, you can define better, more precise goals for those products.

Engaging with your users on a regular basis through reporting tools built

into your product, online surveys, or focus groups, for example is a

necessary step for understanding, rather than assuming you know, their

challenges and needs.

For example, we recently asked several focus groups about their most important

security concerns on Facebook: What are they worried about? What would help

them feel safe? Overwhelmingly, people told us they wanted more control; simply

knowing that Facebook was working behind the scenes to protect their accounts

wasn t enough. We learned that many Facebook users were unaware of all the

security features we offer to add extra protection to their accounts but once

they learned about them, they were eager to use them. People also wanted to be

able to control these features and to see how each tool protects their

accounts. These findings told us two very important things about the security

features. First, they needed to be easier to find. Second, they needed to be

more visible and give people more control.

With that in mind, we created Security Checkup, a tool designed to make

Facebook s security controls more visible and easier to use. During early

testing and after our global launch, we asked people on Facebook about their

experience using the new tool. They told us they found Security Checkup useful

and helpful; the tool s completion rate quickly soared to over 90%. These

results are validating but not surprising, since we tailored Security Checkup

to what we ve learned about people s preferences and concerns.

Our primary goal has always been to protect the people who use Facebook, but

through our research we ve added the goal of helping people better protect

themselves wherever they are on the web. The security lessons our users learn

on Facebook could help them develop safer online habits such as using unique

passwords or checking app permissions that can be used on other sites, too.

Collaborative, cross-functional teams

Security is often approached as an engineering-led effort in which

cross-functional teams from research, design, or product are less important.

However, we ve found that disciplines besides engineering are just as critical

to the thought process and product development, because diversity of thought is

an important characteristic of empathy.

Cross-functional teams are particularly valuable for thinking through the

various experiences people may have with a product. Car manufacturers have done

this for years, adding seat belts and air bags to keep people safe even when a

vehicle performs outside its intended purpose (that is, during a high-speed

crash). The cars designs changed to make people s experiences safer by

default. Similarly, Facebook s security tools are built with the belief that

better product design leads to safer behavior. Many of our departments

collaborate for this purpose, including research, security, user experience,

marketing, product design, and communications.

Throughout various stages of the process, these teams convene to discuss

potential engineering, design, or security challenges; identify solutions; and

consider the impact any of these things might have on someone s overall

experience using our products. We believe this collective expertise helps us

avoid possible issues by addressing them early on in the development process.

For example, during early iterations of Security Checkup we realized that

simply drawing attention to our existing security features was interpreted by

some people as a warning or alert that something was wrong. Because we had

design and communication experts already working on the development team, we

were able to create a security tool with a utilitarian tone to avoid making

people feel unnecessarily concerned.

A focus on outcomes rather than inputs

Finally, and most important, empathy helps us keep people safe and if people

don t have a safe experience, it doesn t matter how many security tools we

make. That s why people s actual outcomes are always our highest priority.

Empathy helps in a couple of ways.

First, having empathy for the people who use your products keeps you focused on

helping them make small but useful tweaks (rather than major overhauls) to

their online behavior. Because online security can be a daunting topic, many

people shy away from being proactive about it. So encouraging people to start

with small steps can go a long way. We ve seen that even incremental progress

helps people learn how to recognize risk and make safer choices; simple

behaviors like turning on extra security settings for online accounts can have

a huge impact on someone s safety.

Second, using empathetic language in consumer communication makes security less

intimidating and more accessible. This means using terms and concepts that are

easily understood within local cultural and languages, even if they differ from

the terms technical experts would use. Research shows that over time, fearful

communications designed to scare people actually have a diminishing rate of

return in helping consumers avoid online threats. On the other hand, building

resiliency can help people better understand potential threats, recover from

mistakes, and identify the most important preventative actions.

If you want to increase empathy on your team, one of the best ways to do it is

to invite a diverse set of disciplines to be part of the product development

process, both through hiring and through collaborating with other teams.

Professionals with experience in psychology, behavioral sciences, or

communications can bring invaluable perspectives for building an empathetic

team. Then invest in research to understand the experience and security

concerns of the people using your products; don t guess or assume you know what

they are.

Empathy is not easy. It requires a commitment to deeply understanding the

people you re protecting but it also leads to significantly better security.

And that s the whole point.

Melissa Luu-Van is a product manager at Facebook, where she leads a

cross-functional team focused on helping people maintain access to their

accounts and keep them secure. She holds a bachelor s and master s degree in

sociology from Stanford University with a focus on Social Stratification and

Inequality.