It’s a crucial moment – you’re on a new web site, and rather than create yet another site-specific username / password combo, you choose to log in with your Facebook identity, at which point the site asks you to “allow” access to your profile information, likes and interests. Do you accept?
As Kevin Tate notes on the ClickZ marketing news site, this is The Facebook Marketer’s Moment of Truth. “Earning access to a customer’s profile information, combined with the ability to post content to their friend network, is an unprecedented combination of 1) access and 2) amplification. We are arguably still in the very early stages of learning how to leverage this combination in a valuable and responsible manner.”
Tate suggests three ways to maximize the likelihood your users will give you access to their profile data:
– Make a compelling offer before asking users for their data;
– Be clear what you’re asking for and why in the Facebook Auth dialog (the “Login with Facebook” screen);
– Afterward, keep the promise you made to users.
These are all sensible suggestions, but for me they don’t go far enough in addressing a growing concern among Facebook users – the idea of informed consent. Facebook isn’t just a web site; via the Open Graph protocol it’s extending into a pervasive user / action / object layer throughout the web, as is evident whenever someone logs into a news or e-commerce site using nothing but their Facebook identity. Similar situations pertain to Twitter, LinkedIn, and other social networks and social identity providers, though none to the same extent.
Today, many people will give an app permission to view and share their activities with friends, sometimes without fully understanding what might be shared in the future. Yet according to Facebook, many others will not – 30% or more will always decline the permissions screen; they’d rather not use the app if it requires giving up privacy, or control.
To prevent an erosion of the trust that forms the bedrock of online commerce, Facebook marketers need to go back to the implied contract with their customers, a bond of shared benefit that only works when both sides are fully informed. Certainly this includes clear communications in the Auth dialog and elsewhere about how user information is being shared. And as a best practice, it makes sense to only ask for the permissions you really need (typically this means the user’s “basic info” and perhaps their email). Don’t ask for Extended permissions, such as “Post to Facebook as you” unless absolutely required. Better yet, don’t ever ask for “Post to Facebook as you.”
But there’s something bigger missing, some better way of assuring users that they can take full advantage of an app’s cool features without fearing the misuse of their personal information. The short-term business model may favor frictionless sharing, but the long-term model most likely requires new ways of assuring people that they’re fully informed and in control of how their preferences and actions are being shared.