Given Scribd's dodgy reputation (for example, http://blog.ericgoldman.org/personal/archives/2010/09/scribd...) I was curious to see what they'd do with Instant Personalization which has a high creepiness factor even on a good day. True to form, they didn't disappoint.
I think a lot of us realize the privacy concerns and are very carefully weighing the cost/benefit tradeoff, especially from a user perspective. Instant Personalization has a distinct air of "evil" about it, but it can be very beneficial to users and a great experience in the right hands.
Why do sites insist on default opt-out? Everyone here seems to be blaming Facebook. Certainly, Instant Personalization is a Facebook tool that Scribd used but the core of the matter is Scribd created yet another feature that is opt-out.
I consider opt-out a special case of bait-and-switch. You offered X and I signed up for X. Two months later you added Y and changed my settings so now I am signed up for X + Y. Since X != X + Y, I consider X + Y to be a new product Z. I signed up for X, you switched me to Z. Bait-and-switch as far as I'm concerned. Doesn't matter to me if Z = 99% of X. Z != X and the switch happened without my prior consent.
I'm sure in the short-term numbers game, opt-out wins opt-in by far. Grab as many eyeballs as you can in the cheapest way possible. In the long term, people stop using your services. There's a reason I'll never use RealPlayer even though the company has completely changed since the early 2000s. I just don't trust them anymore. Same with Facebook. I just don't trust them with my data. Same with Google Buzz. Even though I'm comfortable with Google managing emails, I can no longer trust the Buzz team. Privacy loss doesn't have to directly happen to me in order for me to feel violated.
> Since X != X + Y, I consider X + Y to be a new product Z. I signed up for X, you switched me to Z.
This is absolutely unreasonable to apply in general, because it would devastate the pace of change for web applications, and it is actively harmful to the users as well. You're going to be routinely asking them to make decisions which a) they do not want to make b) they have no information to make and c) they are incapable of making. It will merely confuse and annoy them, and the best possible resolution is that they do what they do any time people put up meaningless repetitive dialogs and click Next Next Next until you stop asking such stupid questions as whether to format C:\ or not.
("Attention, non-technical elementary school teacher in central Kansas. You signed up for Bingo Card Creator revision 1,550. Since you last logged in yesterday, we have made 5 changes to the service. These are summarized as: $INCOMPREHENSIBLE_COMMIT_NOTES. Do you want to consent to these changes, or should we keep a Rails application stuck to r1550 spinning for you until the end of time? Pretend this does not sound scary and that you understand that sentence. It is not scary and you don't understand that sentence, but you have no good way of knowing that.")
I should have clarified what X and Y mean in this instance. They do not correspond to individual software features but rather the set of expectations that both parties have agreed to beforehand with regard to privacy, access, security, and overall functionality. Every site has terms of use that basically say "you agree to the condition that we can change anything anytime and you cannot do anything about it." So as far as I am concerned as a user, X stands for the entire site experience regardless of the terms or privacy policy. I don't care that your 45 page document said you can add Y anytime. If Y was not there when I signed up and it affects my security, privacy, or accessibility in a way that I value, you should tell me about it before you opt me in.
Personally, you would be the last person I would think of as pulling such shenanigans. Your work and words have shown that you care about your users more than making some extra cents in the short-term. I can't say I feel the same about others.
Nice answer, but I don't see what argument it's in response to. If the $INCOMPREHENSIBLE changes don't affect the data the user exposes to the world, there is no need to ask permission, and the Pace of Change for Web Applications can continue unimpeded.
This is a huge reason that I do not use Facebook to log in to any site -- pretty much every site that offers that functionality asks to be able to post items for you (in your feed), to send emails, etc.
It seems like some site owners' dreams are to turn you into a bot for their own promotional purposes, or to just use your voice as their personal bullhorn.
I'll stick with registering to sites using a "plain" login (or OpenID, where available) -- at least that way, I have a bit more control over the way my online identity is used.
I guess it is good that I had done that too -- I assumed you actually had to "connect" to Facebook because I visited the Scribd page as described in the article, and I didn't see any fancy Facebook stuff happening (although I did see my browser hit Facebook).
I had forgotten that I had turned off instant personalization (likely due to some TC article or something). So this works without even logging into the site? Jesus, it is worse than I thought!
I don't use Facebook as much, but I follow a similar strategy for other things, like GMail. Instead of a different browser, I set up a 'site-specific-browser', like Fluid[1], for each such website.
Aside from the benefit of not staying logged in to your email/FB/Twitter when browsing random websites[2], this also lets you treat constantly open web-sites as legitimate apps in your switcher, frees up those permanent tabs on your browser, and provides for features like an unread count badge on the application icon when you switch apps.
Instant Personalization or not, this is why I log in to sites using my Twitter account and not my Facebook account. The Twitter account is more detachable for me when it comes to day-to-day life, Facebook on the other hand is a lot more involved ...
This is the reason why I stopped using Facebook once instant personalization and the embeddable like buttons were added.
The risk of unknowingly spamming people was too big for me and I just quit. I don't even care as much about the privacy issues as I care about these services doing things and posting stuff in my name without any way to stop it or even just an indication that they are doing it.
Same here. First I thought I was just going to have a bit of a time-out, but I haven't been back and don't miss it one bit. The previous privacy flaps were stuff to deal with, annoying but manageable, the 'like' buttons (incidentally it was a fellow HN'er's name popping up on a third party website) did it for me, end of FB.
I've been tracking the security/privacy problems with Instant Personalization for a while; my recent post might be relevant: http://33bits.org/2010/09/28/instant-personalization-privacy...
I'm also curious to see how things will turn out when a whole bunch of YC startups get Instant Personalization access, as YCRFS7 promises.