Most read articles in Connected Lifestyles:

Read all articles

Giving you more meaningful choices to control your privacy
By: Omar Shahine, Principal Lead Program Manager – Windows Live
08 July 2010

Send EMail

A few months ago I authored a post that sets the context for some of the privacy discussion that’s currently happening, and how we think about privacy in Windows Live.

This post describes the new privacy features in Windows Live, including a new way to differentiate between sharing with your close friends and with your acquaintances, and more control over how you share with your Facebook and MySpace friends. Sometime after this post, Ori Amiga will discuss the Messenger Connect experience, which empowers you to take your Windows Live data to other sites and applications and the privacy principles that guided our work in that area.

There has been a lot of attention and scrutiny paid to privacy by the industry, regulators, and the public recently, and it has become increasingly clear that privacy controls need to be simple and comprehensible. Users want better controls, and so we're introducing a set of simplified privacy controls in Windows Live that provide an easy way to help you ensure your information and activities are visible only to the people you want.

We evaluated our privacy features in the previous version of Windows Live, and worked on making things as simple and understandable as possible while continuing to offer granular controls for customizing your settings. Privacy is a complex area in online services, since not all users have the same expectations or needs, and we, like other services, offer a rich set of sharing features.

Our privacy principles
We designed these features with the following principles in mind:
• People care very much about their privacy
• People want to control how much of their information is made public
• People want simple, intuitive options to control the publishing of their information
• Privacy controls need to be flexible to accommodate different privacy needs
• Privacy controls need to allow individuals to set different levels of access for different contacts

To help users quickly and easily make informed decisions about what information about them is shared online, we created a privacy selector with three simple choices.

Privacy selector

This is the experience that you'll see on your Profile page when our new web services are released (Messenger has a similar screen). We focused here on a simple set of choices that allow you to set your main privacy preferences across all of Windows Live. 

 The three choices represent a simple high, medium, and low setting across the spectrum of privacy preferences. Not all users are the same: some people want to share just about everything with just about everybody, and others want to strictly limit who can see what. Most people are somewhere in the middle, which is where we put our new default, "Limited," where only friends can see your activities, photos and other stuff you post on Windows Live, but old friends can still find you if they do a web search for your name.
 

The “Limited” option is in many ways more restrictive than our previous default settings. For example, your photo albums are no longer public by default, and only your friends can comment on your stuff or send you notes. The “Private” option is exactly what it sounds like. Most of your information and activities are visible to only your friends, and non-friends won't find your profile in search results, or see your information. However, it’s important to note that if you comment on your friends' photos, posts or other activities, your comment along with your name and picture will be visible to people you may not be friends with.

Close friends vs. acquaintances
In doing our research for this release, we heard from a lot of customers (and friends) that deciding whether to accept or ignore a friend request was not so straightforward. As social networking services become a core part of our daily fabric, more and more people you know and meet are inviting you to be friends. This presents some challenges when all friends are treated the same. We call this problem the “reluctant accept” or the “polite decline,” and we think the solution is to treat your close friends differently from your acquaintances.
When you receive an invitation to be someone’s friend, you will see a new check box:

 

Limited access friends
Selecting “Limit the access this person has to my stuff and my info” will restrict what this friend can see and do. For example, your new friend will not be able to send you instant messages, see all your photos, or have access to your contact information, but they can still see social updates about the activities you decide to share with all your friends. It’s important to highlight that your friend is never notified that you limited their access to some information.
 

Polite declines
If you click “No, thanks” (the “polite decline”), the requestor will still have access to the public information on your profile, for example, your first name and picture, but they won’t have access to any of the information or activity that you've limited to only your friends. If you have public activity such as blog posts, the requestor will see those in their social updates in Messenger or on Windows Live Home.
In designing this we felt it was critical to make it as simple as possible to deal with the flood of friend requests that people are now getting. We wanted to avoid making you manage different and confusing “lists” of friends, and then having to do extra work to configure which lists have access to what content. By providing a simple choice between accepting, accepting and limiting, or declining an invitation, you won’t have to spend a lot of time thinking about what do to, or wondering what will happen when you accept or decline.

Managing what your friends can see
You also have control over how much access each of your friends has to your stuff and your activity. Your list of friends works together with the main privacy selector, shown above, and the permission settings on individual activities, should you choose to set those separately.

Across Windows Live, you will see the following permissions choices:
• Everyone (public) – this means the whole internet has access, and this content is findable via web search.
• My friends and their friends – this includes all your friends and acquaintances, including those with limited access, plus all of their friends.
• Friends – this includes all your friends and acquaintances, including those with limited access.
• Some friends – this is just your close friends, because it excludes any friends whose access you've limited.
• Just me – no one but you has access.

One place you'll see these options appear is in the new permissions control for individual items like photo albums or shared documents, shown below. As you can see, you can set the permission for access to each item you share anywhere from most restrictive ("Just me") to least restrictive ("Everyone"). 

 

Sharing with Facebook and MySpace friends
Additionally, you'll see that if you choose Friends or higher as a setting, those activities will be published to your other connected services (like Facebook, MySpace, and soon, LinkedIn). When any update from Windows Live appears on a connected social network, it will follow the privacy controls of that network.
For example, if I upload some photos from my latest adventure in San Diego, an update about that activity will appear in Windows Live and on Facebook, ensuring that all my friends know about the new album as soon as I upload it to SkyDrive. I set the permissions on the photo album to Public, but the update about this album is only published to my Facebook and Windows Live friends.
Here is the activity as seen on Windows Live:


 


 

And on Facebook:


 


This also works for Office docs, allowing you to publish Word, Excel, PowerPoint, and OneNote docs on your connected networks.

Choose your default privacy setting

The new privacy settings page, shown below, replaces the very detailed permissions page from the previous release that some found overly complex. You can visit this page at any time by clicking a link on your profile page to view or change the privacy settings used as your default across Windows Live. This page goes into a little more detail than the privacy selector we showed you earlier, which you see the first few times you sign in to the new Windows Live Profile or Messenger. 

 

Of course, you can also customize the privacy settings for an individual photo album, document, or other activity, and the page for that item will indicate that you are using custom settings.

Advanced privacy settings
But if you want even more control, click Advanced on the Privacy settings page to find dozens of granular settings presented in an easy to understand layout.

The advance settings page presents each privacy setting organized into categories, with easy-to-use sliders that allow you to set permissions from most restrictive to least restrictive:


 


Furthermore, you can expand many items like Basic information and Contact information, to see exactly what is included in that category.

 

You can also customize the sharing option for your new SkyDrive photo albums and file folders, and view settings for all your existing albums and folders, too.

 

Additional privacy and profile changes
When you sign into the new Windows Live Messenger or the new Windows Live Profile page for the first time, you'll be notified of a couple of important privacy changes and be given the opportunity to change your privacy settings accordingly.

1. Your Messenger friends and Profile friends are merged into one list.

Starting in this release, there is only one type of friend relationship in Windows Live: Messenger friends. We made this change because we heard lots of feedback that people didn’t understand the difference between Profile friends and Messenger friends. Now they're all just "friends," but you can easily limit access to your more private information for some of those friends.

2. Your have just one name: your full name, and just one profile picture, which are both part of your profile, and always visible to friends.

In the past there was a lot inconsistency across different Windows Live products. For example, you could have two pictures, one that appeared to your Messenger friends and another that appeared on your Profile. Additionally, you could choose to show only a "display name" in some places, while in other places, your full name would appear, and in still others, only your first name. To cut through all this confusion, we had to rethink our model from the ground up, design what we wanted to have, and then work to transition our users.

The end result is that your full name and picture will always be visible to your friends, but you have complete control over who your friends are. Your full name does not become available to friends until we've informed you that this is happening, and given you an opportunity to change some settings if you want to. You can, of course, change your full name to whatever you want it to be, and you can always choose the Private setting if you don't want your profile to be visible to non-friends or findable in a web search. 

This change was important to ensure that our network is one where people can find you using your real name; people who see your comments, photos, and invitations know who they came from; and your appearance is consistent across all of our web and client applications.

For some, the move away from a separate display name will be perceived as a loss of functionality. But this change, along with numerous other enhancements, will help curb abuse and scams on our network.

Balancing simplicity and granular control
It’s important to note that, while we worked to simplify the default privacy settings, anyone who wants to can still control detailed privacy settings for dozens of individual items, including contact info, activities on connected services, and individual photo albums and document folders. If you do a lot of fine-tuning, we make it easy to see what you've shared: on each of your friends’ profile pages, you can click to see what you've shared with that person, and change your settings.


Final thoughts
I hope that this post offered some insight into our approach around designing the privacy features in this release. We believe that our approach respects the great diversity in customer needs, but of course, there is always room for improvement, so please let us know what you think.

We know we have an immense responsibility to help our customers through the transition from the previous release, and so we took care to ensure that changes are clear to you in the product, as they are happening.

We've worked hard to offer the best set of privacy tools to protect your memories, activities, and information while providing an environment that's great for sharing and connecting with your friends.