Casual Privacy

Casual Privacy is a design pattern for sharing private and semi-private information that maps to how secrets are shared in real social networks, and that people will actually use. It draws on our work at Flickr building tools for managing the tensions between privacy and sharing, and draws inspiration from both the work on distributed social networks and secure computings capabilities-based security. And its fun and easy.

• you have data that you’re currently sharing that you would rather you weren’t
• have data that you would share widely if you weren’t sharing it with the GoogleBot
• enabling sharing and social media across identity silos, without resorting to broadcasting private information to centralized beacons
• would like your users to share more

At Flickr, even after considerable work on making the tools easy and powerful, we find that less than 0.1% of our users on a given day make active privacy decisions, or roughly within an order of magnitude of the number of people who asks for help sharing on daily basis. Clearly ongoing innovation is needed on a multitude of fronts, and only some of them involve walking the social graph. As part of our ongoing work around sharing we developed a very basic Casual Privacy implementation (Guest Pass), and set of best practices around helping people make privacy decisions.

Casual Privacy’s use of tokens (or “capabilities”) as identifiers slots nicely into the work being done on delegated identity and authorization on the Web (OpenID, and OAuth) and with the parallel trends in pervasive computing. As does the ability to make cheap Yes/No privacy assertions based on key-value lookups rather then scans against a potentially distributed data store. Combined, they allow for really easy sharing, ad-hoc group forming, and a reasonable expectation of privacy for your super secret brunch spot, your home address, and the photos of last night’s party.