We are frequently confronted with examples and rhetoric that people’s stated privacy preferences don’t match up with what they do in practice. For example, see Adam Thierer’s recent post, where he provides thoughts from Nick Carr, Bruce Schneier, and Jim Harper, all pointing to the conclusion that:
In a nutshell, ask anyone if they care about their privacy and almost 100% of them will say, yes, absolutely. But then ask them about what they do both online and offline on a daily basis and most of them will reveal a very different set of preferences or values when it comes to what “protecting privacy” would mean in practice.
While I agree that people’s stated privacy preferences often conflict with the actions they take, both online and off, we need to be careful when we use this as evidence that they actually hold a “very different set of preferences or values.”
Primarily, I fear the majority of people simply are ignorant to the kind of privacy trade-offs they are making with much of their online activities. Some of the blame, to be sure, falls on users themselves for not keeping themselves educated on these issues. But in an age where more and more of our information, communication, and commercial activities have shifted online, the ability to fully protect our privacy is often obscured (if not hiden) by the design of the tools and interfaces we rely on.
Consider:
- Google’s resistance to adding a link to its privacy policy on the Google homepage.
- Facebook’s initial design of Beacon, where the defaults where to opt-into the information sharing architecture.
- Facebook’s initial launch of News Feed, where all accounts had it activated (and even when they made a change, the default settings were set at the maximum amount of information sharing)
- The complexity of managing privacy settings on Facebook.
- And so on…
The lack of knowledge, the design of tools & default settings, etc all lead to an imbalance of both knowledge and power, leading millions to disclose and share information that perhaps they wouldn’t if they had full opportunity to learn, decide, and consent to these practices.
Do people value privacy? Yes. Do their actions sometimes contradict this preference? Yes. Does that mean the initial stated preference really doesn’t apply? No, and hopefully through better design, users can become better educated and more empowered to make the privacy-protecting decisions to meet their stated preferences.
MichaelZimmer.org 
My sense from my own thesis research is still more complex. Tech skills have a role but contextual awareness is also key. Ask someone who is reading their blog and they will give you a considered answer. But when they are writing they don’t always have a sense of the audience they know is there, and some may choose not to acknowledge to themselves the risks they face.
Isn’t this also partly just an example of the more general point that all too often, you can’t infer much about people’s values by observing their behaviors? For example: there are probably some comparisons to be drawn here to the gap between the value that people assign to “being in good health”, on the one hand, and their actual diets/exercise habits/sleep schedule/etc. on the other hand.
(And then it’s further complicated because as Thierer himself says, “privacy” isn’t a unitary concept but a jumble of related ones. So, no wonder that people’s behaviors will seem out of sync with their stated concerns about “privacy”.)
You’re both hitting important themes that I left out of my original post (due to haste). Thanks for the comments.
You should design a large-scale survey of the awareness/practice issue. Supplement it with a some in-depth qualitative interviews. Everyone speculates about this. No one measures it.
I think it is actually pretty clear when you watch people’s general behavior, that their ‘privacy’ generally only really has concern in health information, financial information, and information about children, though the latter is to a lesser degree. i think the presumption that people care about privacy is just that, they say they do, then they don’t. do they shred or burn their financial documents? health documents? do they keep their personal information in a safe deposit box or a safe? i think the latter is… more people shred these days because they are afraid of identity theft, but that isn’t an issue of privacy for them, you can argue it is, but they are probably just afraid of loosing money. In short, i don’t think ‘user ignorance’ is an issue at all. I think humans just don’t ‘do’ privacy unless there is some other operant good like ‘money’ behind it, and then they aren’t really doing privacy either. I mean look at workplaces, they are gossip mills. Ask your parents if they told their coworkers about the health of their grandkids. … so… i think, that given human action in real life, which i think is parallel to online, privacy, is a misconception, a malconstruction, that tries to map some area in rights discourse that probably belongs to other concerns. The way to think about it is not, where should we have privacy, but ‘where don’t people want privacy and how don’t they want it?’ and i think from there, you’ll see they don’t actually want it at all amongst most of their important social relations, though they do want some culturally sustained barriers that vary situationally as norms.