It means “desk” or “work table” in french, and it’s a blog about interface design.Get the RSS feed.


I'm Thibaut Sailly, an independant interface designer based in Paris. Say hello on mastodon or by email at thibaut ✉ tsailly ◦ net.

Le Baby is an iOS app I made with Amadour Griffais, a shared and private memory helper for parents with newborns. View on the App Store.



© 2010-2023 Thibaut Sailly · Powered by Movable Type · RSS

You can check out any time you like, But you can never leave

This rather long post is about current and future implication of personal data mining in social media, and the role design plays in the economics of these web services. A shorter version would be ”social media is cooking its most active users a sour meal and designers are only making it worse”. But it would lack subtlety, wouldn’t it? At first, it was only about Facebook, as it crystalized most of the media attention, but other companies have since proven how uncaring they can be with private data, Google and Path to name just two.
These observations range from how the word privacy shouldn't in fact be mentioned in these sites UI elements to prospective fun with what's being called Big Data, with the role of designers in all of this. After pointing out problems, a couple of solutions are roughly sketched and described as a form of positive thinking.

A quick word about my social media perspective: Facebook never really met my interest and I can’t recall using it more than twice: signing up and deleting my account (it's pretty certain Facebook still has a good recollection of what I did there). I watch how my relatives interact through it though. I was a rather active Flickr user (groups and local community) a few years back. I'm on Twitter almost daily, and "app.net" more and more frequently.
If you’re interested in a real user’s point of view, you might as well leave now. For those willing to spend fifteen minutes or so here, I've tried to stick to facts as much as I could in order to keep these observations valuable.


Let's un-zoom from the web and recap on privacy first. It might seem tedious to spend a paragraph to define such a familiar concept, but it seems necessary for some nowadays. Privacy is about having total control - to paraphrase Mark Zuckerberg [1] - on exactly who saw / heard that exact thing you showed / told. You get to choose the people you want to allow in a "space" where you can share with them what you’d like in total confidence. This private place allows us to express ourselves in a much more opened way than we would have in the waiting line of our local supermarket. Private means you can let go, it means you can say what's on your mind without fearing the consequences it could have if it was told in the open and heard by an uninvited party. This understanding, trust and respect are essential to define a truly private moment, to bind individuals together as partners. Or, to use Facebook's vocabulary, friends.

a private conversation being listened to by someone in the background

Facebook and Privacy have had a short yet bumpy relationship. Right now, some option settings panel is trying the best it can to mediate between these two, but it's... complicated. Through its interface actions and vocabulary, Facebook provides users the possibility to create virtual spaces to which only handpicked friends can have access to. They spend time casting a restricted list of friends, ticking faces as they go, you yes - you no. So far, so good. The existence of these restricted spaces clarifies the default one as "public", by opposition: don't share anything sensitive in here, stay smooth. This, in retrospect, reinforces the exclusive and closed nature of the personal ones: it's ok, you're at home, go nuts if you wish to. If it's not on then it's off. Green light, red light. Simple and tight - full control.

Not quite. Someone else is always there in all these carefully picked lists of friends, but not in an obvious way: Facebook itself. The privacy issue Facebook acknowledges lies into how users choose if they share with everybody or with a given set of people of their choosing, but the real problem is that Facebook is listening even if users decide to share privately [2]. Let's anthropomorphize Facebook’s presence among its users and call it "Booky". If it wasn't for Booky’s "friendship", no one would have a Facebook account. He's the one people shake hands with in the legal fine print when they set up an account. Hidden behind the signup form, Booky says : "you can come here for free, as much as you like, to share with your friends openly or privately. But I'll always be sitting right here next to you, and you'll have my full attention [3], because this is how I make profits, and make your presence here possible. Deal?"

Privacy and Facebook don't get along very well because Booky insists on being present at all times, camouflage style. When a stranger hides in a room and listens to the conversation some close friends are having, is it still considered as a private meeting? No. Do 14 years old Jenny and 52 years old Georges know about Booky being here all ears in the background when they engage socially? No. We internet nerds might be conscious of his omnipresence and know this is how Facebook makes money, but I doubt the standard teenagers do, or even care about it. All they know is that they better be on Facebook if they don't want to miss out on what their friends are about. Nobody, nothing in the interface tells them about Booky being there with them all the time. This is why Privacy and Facebook don't go along that well: Booky is a stranger to Facebook users, and by allowing him in their private spaces, Privacy feels - subtly yet repeatedly - cheated by Facebook.

an almost closed door

If Facebook wants to use data shared between friends in private contexts to sell advertising, it should make it explicit and clean wipe the privacy lexical field from its interface. Otherwise, it's deception by vocabulary. From this perspective, "Sharing settings" sets clearer expectations than the actual and falsely promising "Privacy settings". The way Twitter labels its messaging solution is interesting in this regard: they are ”direct" messages, not ”private" messages, even though they only are visible to the two recipients (and Twitter). If you can't provide true privacy, don’t talk about it, don’t sell it.


Social relations aren't binary, they're more complicated than an on or off switch. A conversation with your dad in his kitchen will lead to subjects you wouldn't have brought up if you had started this conversation in a restaurant, even if you were just two at an isolated table. And it's possible that an hours long car ride with him would trigger even other subjects.

Interfaces as we design them - for now - don't allow this level of social granularity. It will come I'm sure, but we're not there yet. In the meantime, people love to talk and share, so they talk and share. Some feel on Facebook as they were in a restaurant, some feel like they've been sitting in a car for 4 hours. Which can - and has - lead to some embarrassing even devastating situations (query "Facebook fail" in your favorite search engine). Facebook, unlike a comfy sedan, has a recording feature built in. Conversations in the car leave no trace other than in memories. Conversations on Facebook are here to stay, and we don't know what will be done with them in the future, nor do we know who their authors will become. We should always remember Shit happens - more on Murphy's law later.


You just need to read the complaints filed against Facebook in Ireland by Europe vs Facebook [4], and the way they responded, to set the level of trust you can have in this company. The same goes with what happened with Path and their users address books uploaded to their servers. Their reaction was prompt when this was discovered, but I find the current message [5] in the app still misleading: "Path would like to access your contacts" still doesn't clearly states that the address book is sent to Path servers. You could easily understand the said access is local to the device. As creepy as it was before.


It's ok to let a company record, own, index, organize and analyze any message sent privately between friends.
If this sentence sounds right to you, read it again with "a State" in place of "a company".
If the two still sound right to you, you probably should consider moving to North Korea.
If the second sounds wrong, why does the first sound right?
If any of them seem wrong, it may be because you've heard about what can happen when such tools fall in wrong hands [6] and it made you care about it. If you're in this group while using Facebook on a regular basis for private communications, you should feel inclined to adjust your actions to your thoughts, or vice versa.

Fun in 2040

This is where facts are left aside, and where the anticipation game starts. Let's fast forward 30 years: our today’s teens are at the peak of their professional lives, and have their own teen kids. Here are some Murphy's law scenarios for them.

David Kingsmith had his application to the Health Plus Plan rejected as his insurance company screened his Facebook records. Based on the number of parties he and his friends documented in his late teenage years and the number of times he appeared intoxicated in the collected pictures from 2008 to 2018, the risk for liver disfunction has been considered too high for the rates offered in this plan. Therefore, he will have to upgrade to the Health Star Plan to get his health covered, for an extra 2000 shpounds a year.

Using a refined statistical algorithmic method, certified by the Ministry of Research and Education, insurance companies can now predict with significant accuracy the risk potential existing for a driver, given they could access a sufficient Facebook log. Whereas prices were usually set by the kind of car you drove, where you drove and your driving history, they can now be accurately indexed on the potential level of the risk each driver represents. Depending on this emotional profile, you can have a good surprise when handed the bill... or a bad one.

Tracy Stradleton was on her way to a major role at the genetic engineering company she's been working for seventeen years. The strategic nature of this position demands a very strong ability to drive through nerve wrecking negotiations with regulators and business partners. This was her weak point: a very documented Facebook account she had been using under a fake name for more than 15 years was related to her just short of two weeks before her official nomination. As many of you now know, psychological profiling from Facebook and Google logs has become a lucrative market. Her company competitors wouldn't have hesitated to use such services to gain insight in her personality and try to influence her decisions. This was considered too much of a risk by CEO Thomas Krusnov, who offered Miss Stradelton a managing role in their famous R&D labs. She started as an intern in these same labs in early 2014 and had, at the time, posted on Facebook: "This lab is a-ma-zing!!! Hope I'll stay here long after summer, LOL." Wish granted.

For any scientific experiment, the more data samples available for analysis, the more precise the results are. This allows you to refine the analysis tools and your methods. As a consequence, results become even more precise. What is true for weather prediction, or speech recognition is also true for individual profiling based on interests, vocabulary, social group, etc: precision is a matter of scale. The scale of samples Facebook or Google can tap into is historically unprecedented.

The analysis of this amount of data turns its users into lab rats being observed for pattern recognition [7]. I have no doubt continuously increasing computing power will help observers make sense of what seems today scant or unrelated data. Owning these zettabytes of human interactions ready for study can represent a lot more than what advertising pays for today: holding tight to all these logs and having them prosper in frequency, quantity and variety offers the owners a future opportunity to sell predictability. At social media companies, product diversification is not only a way to add other revenue streams, it’s also a way to cast different perspectives on an individual, thus getting a refined profile. First ticket to your privacy, second ticket to your own nature.

a hot air balloon not taking off because of a Facebook crate attached to it

A key issue here is the unlimited period of time these companies can hold on to private information, or analysis results derived from them. I don't see any problem with providing a service for free in exchange of some data about you, as long as it is made very clear, and as long as this data is wiped out by default after a certain amount of time. Otherwise it's a dent in our natural freedom to change and evolve as individuals.
I'm especially thinking of all today's teens on Facebook, learning to deal with the adult's life complexities through this medium. As much as I have faith in the human sense of adaptation and that they certainly will adapt to this new situation, I'm very glad my teenage years aren't documented anywhere else than in my memory, and by a hundred or so pictures in a box somewhere. Far from a database I don't own and a search engine able to resurface failures, heart aches, grand naivety or lost hopes in a tenth of a second.


The real trigger deciding me to write this article is the design talent acquisition Facebook has made in the past two years or so, as quite a few very talented designers joined the company. People whose track record I respect a lot were going to work on a product I deplore. I was sad — and still am — because it felt like a waste of their valuable time and talent. I didn't really know why at the time, but writing this article was of some help.

For social media to make a profit, it needs to be a two-sided product : the users interact with side A, the service they access without paying money. This interaction feeds and grows side B: the informations provided by users about themselves are used to offer better targeted advertising for brands, from which the money comes from.

In the case of social media involving personal informations, there's a good chance that if users find out the things they tell each others in a supposedly private environment are used in their back, they will be less likely to interact this way, thus diminishing the accuracy of advertising, and revenue.
"How can we make money out of users interacting with each others, without them noticing" is the equation they are trying to solve. Put differently, "how can we get them to reveal themselves to us with their consent?" — I'm just paraphrasing Sheryl Sandberg here [8]. Horace Dediu called this process "getting to know you" on his 5by5 podcast The Critical Path (couldn't find back the reference episode though, sorry): you agree to give some details about you in exchange of a free service. I'd call it "getting to really really reaaaaally know you". The terms aren't clear at all [9], and users have absolutely no idea what social media products know about them. The users, thinking they get something for free, pay with invisible money which valuation isn't clear and set. This doesn't fit the definition of an agreement to me, rather the one of an abusive position possible because of the users's misinformation.

The Facebook and Google products are essentially conduits sucking as much details on users lives as technology allows today [10]. They're digital hoovers. Being useful, usable and/or fun is just a strategy to accomplish large data collection. By the way, from this point of view, doesn't Apple's Siri look like a pretty darn silent, inviting and efficient personal data conduit? Talk to me: way less friction than Facebook's wall, photo imports and privacy setting control panels. Anyhow.

If we follow along with this vacuum cleaner metaphor, as a designer for these services, your task is to conceive and formalize the most attractive and powerful hoover you can come up with. Designers at Facebook are working on solving the "making people interact with each others better" problem. It's a very complex challenge one can be proud to be tackling, especially at this scale. It demands empathy, imagination and every other practical qualities a good designer should have.

Design is about bringing solutions to problems people have, or don't realize they’re having, with a production process and experience that are both elegant and profitable for both parties - the company they work for, and their clients.
Designers have this role where they make users needs or wants meet the company goal of making money within its operational constraints. The product resulting from their work is a solution to how can those two ends meet.
Design is about harmony. Every aspect of the product you consider rings true with the others, and the whole thing resonates in a unified chord. When we refer to great designers like Ray and Charles Eames, Dieter Rams or Paul Rand as inspirations, we praise their ability to formalize harmony in the products they conceived, but also between their client needs and capabilities, the users needs, the production processes, and how the product fits in the cultural context.

What's also inspiring in these hero designers works is the integrity, honesty and care for the user. These people were genuinely generous and empathic to the individuals who are using or seeing what they put out in the world.

As a designer of a social media company collecting personal informations, should you care about what happens to the data once it's collected and how it's used? My personal point of view is yes, you should if you believe you care about your users. Can you? Given what's at stake, I don't think you really can, but I'd love to be proven wrong. Should you feel bad about it? Of course. Because, unlike car designers can't do much to save the lives wasted on roads (cars move fast by essence), social media products can be designed to be more respectful. It's not a matter of technology, it's a matter of will.

Statistically speaking, the better designed these services collection personal data are, the more sensible informations will be collected, and thus the more fuck-ups derived from this data collection there will be. Murphy's law is strong.

As of today, social media companies are making a profit at the expense of the user, in a way that is not clearly stated to him, and of which the extent is not limited in any way. Social media designers, you have to find a way to communicate the terms a little better, and to limit how personal informations will be used - all in all, you owe users the trust they give you in response to the promise your product offers, the promise you have conceived and formalized.

What now?

Problems have solutions, it's what they're made for. As a conclusion, here are some of the ideas I came up with while thinking of these shits falling, slow motion, towards beautiful spinning fans.

A. The priority seems to educate. It's going to be a long time before these privacy issues come to an end, so we should tell our pairs about them. It should be made clear to everyone that anything feeding these services is "public domain". We have no control on the hard drives our informations live on, thus we should expect the worse and behave as if it were available to our work colleagues or old aunt. If you upload a picture on Facebook you're not ready to show it to your mom, you're doing it wrong.
One possible form it could have is a browser extension displaying a picture of a spooky guy smiling at you hovering the sensible services websites when you're using them. Think baconlicio.us, but with a spook instead of nice crispy bacon.

B. If it's not your server, it's not your data. Couldn't smartphones hold our database and provide access to it? They're connected to the internet, on most of the time, powerful and sport great memory capacities. Basically Tent.io hosted on your smartphone. Data plans, transfer speeds and battery life might not be ready for this, especially when it comes to sharing photos and videos, but when they will be it could be something worth considering. The idea of having the data dear to our life in our pockets just like our home keys or our money just makes sense.

C. Headless data. I'm feeling a bit like a unicorn in a minefield here - as a designer having no clue of how database actually work - but couldn't we have a way to format personal data so that:

Cell biology is full of schemes and complex strategies when it comes to how cell data (DNA, RNA, proteins) is used. I'd look into it if I were to start somewhere.

[1] Our Commitment to the Facebook Community - Facebook blog https://blog.facebook.com/blog.php?post=10150378701937131

[2] Mark Zuckerberg & Sheryl Sandberg @ Charlie Rose http://www.charlierose.com/view/interview/11981 - 48:00 - Sheryl Sandberg: "The only things Facebook knows about you are things you've done and told us. It is self reported". —

[3] The Social Network - Do I have your full attention? http://www.youtube.com/watch?v=mehUC5l-lGM

[4] Legal Procedures against “Facebook Ireland Limited” by an austrian law student http://europe-v-facebook.org/EN/Complaints/complaints.html

[5] Path uploads its users Address Book to their servers http://www.redmondpie.com/contactprivacy-tweak-offers-alert-notifications-when-an-app-attempts-to-access-address-book/

[6] The life of others by Florian Henckel von Donnersmarck http://www.imdb.com/title/tt0405094/

[7] Following Digital Breadcrumbs To 'Big Data' Gold on NPR http://www.npr.org/2011/11/29/142521910/the-digital-breadcrumbs-that-lead-to-big-data

[8] Mark Zuckerberg & Sheryl Sandberg @ Charlie Rose http://www.charlierose.com/view/interview/11981 - 20:05 - SS "Google is fundamentally about algorithms and machine learning and that has been and continues to be very important - they're doing a great job. We start from a totally different place, we start from the individual: who are you? what do you want to do? what do you want to share?" —

[9] Terms of service; didn't read http://tos-dr.info/

[10] Mark Zuckerberg & Sheryl Sandberg @ Charlie Rose - 45:45 - MZ "Sure, people have a lot of information on Facebook, but that's information they've put into the service. If you look at other companies wether it's Google or Yahoo or Microsoft, where they have search engines and ad networks, they also have a huge amount of information about you. It's just that they're collecting that about you behind your back. You're going around the web and they have cookies and they're collecting this huge amount of information about who you are, but you never know that." CR "Don't you find that a bit scary?" MZ "I think it's less transparent than what's happening on Facebook". —

The title is from a song, and preludes one of the best guitar solos ever performed. http://www.youtube.com/watch?v=NUbTW928sMU

I don't think "Booky" is a great name for a Facebook impersonation, but it's the best I found.

« past present »