Least Authority Hosted a Workshop at MozFest 2018

Least Authority hosted a workshop “Privacy Personas: how to connect and communicate effectively and make people care” at MozFest, Mozilla’s week-long festival (22 October to 28 October, 2018) in London. Every year MozFest brings together people who care about building a healthy internet – an internet where users control their data, and privacy. Sessions are organized under six spaces mirroring five key internet health issues — Privacy and Security, Openness, Decentralisation, Digital Inclusion, and Web Literacy, plus a special zone for Youth.

As we Least Authoritarians believe that privacy is a fundamental human right and see it as part of our responsibility to advocate and educate, we designed a session around the topic of Privacy and Security. The goal of the session was to actively discuss the topic and help others feel better prepared to communicate the value of privacy beyond our everyday circles. We did it through the use of personas – fictional characters that represent types of users in situations where their privacy is compromised. The task was to have a conversation that focuses on privacy – rather than technical aspects and jargon that aren’t easy to understand or share with others.

Why we hosted this session?

The conversation around the importance of online privacy has been ramping up for years now. While broader conversations are important, we believe that change also takes place when individuals talk to each other about why privacy matters, explain how data is processed in today’s ecosystem, the consequences of that for our privacy and possibly offer a way out with alternative habits, tools and platforms.

We started the session with a brief discussion of some of the initiatives taken to spread awareness at the individual level about the current trends and future issues of privacy. For example the Glass Room – a fascinating project that describes itself as “a pop-up shop, a space for reflection, experimentation and play on how we live our lives online”. This pop-up tech store takes a critical look at how our personal data is shaping society, as well as ourselves, allowing people to directly interact with the results. First exhibited in New York in 2016, and London in 2017, Glass Room has reportedly been hosted in nearly 100 libraries, schools, festivals and organisations worldwide and more than 60,000 people have visited the exhibitions and experiences around the world.

We talked about the use of Data Visualization by Rebecca Ricks – 2017-2018 Ford-Mozilla Open Web Fellow – to maximize the effectiveness of the communication. Rick’s tree diagram shows how and what kind of data PayPal shares with third parties and how is that data being used. This helps us visualize the actual extent to which our personal data is shared beyond the original service we signed up for.

We referenced the use of critical and reflective media to facilitate discussions of issues around privacy. The examples being “do not track” – a personalized documentary series about privacy and the web economy – by Brett Gaylor and “Black Mirror” – a British TV series that explores the dark side of privacy – by Charlie Brooker. We also discussed how humor can be used as an effective way to drive the privacy point home to an individual’s experience. We gave example of Chris Slane, a left wing New Zealand cartoonist, who uses privacy oriented cartoons as a teaching tool.

Use of Personas

Personas are typically used in the design process to develop solutions, products and services based upon the needs and goals of the users. Taking a cue from the design thinking process, we decided upon the use of personas to stress the point that knowing the audience that you intend to communicate with is very important. Effective communication about the importance of privacy needs to be tailored to the audience with which you are communicating.

We created personas which participants could find relatable, relevant and useful to engage with and serve as the base of their ideas. The five personas representing people from different walks of life included:

  • an on-the-road truck driver
  • a teenager
  • a retired electrical engineer
  • an investigative journalist
  • a blogger

We gave each of the above-mentioned personas specific key characteristics. Personas had:

  • Name
  • Age
  • Job/profession
  • Interests
  • Personal characteristics
  • Goals and motivations
  • Work/Home environment
  • Needs with regard to privacy
  • Computing/technical likes and dislikes
  • Quotes

We also prepared different situations or scenarios for each of the personas – everyday scenarios they might face on any typical day, such as using internet to meet people, joining a dating site, sharing photos and videos with friends and family on an online platform, sharing location, using smartphone to learn and share information, signing up for discount card services at a grocery store, sending confidential information over Facebook, et cetera.

The attendees were split into small groups. Each group was assigned a persona and was asked to suggest persuasive strategies they would use to tell their respective persona to change their behavior online – to consider their privacy and refrain from giving information away, to understand the ‘privacy’ they are surrendering when they choose convenient or no-cost tools that collect data for profit. The participants were engaged in a lively discussion and came up with practical suggestions and strategies specific to their personas. Some of the suggestions that the participants came up with:

  • Instead of online dating, turn to other dating techniques such as joining a meetup or attending special events.
  • Use more secure online dating websites.
  • Many dating apps ask for Facebook, Instagram, Twitter or Google information to sign up for an account. It’s not safe to use these social logins and you should refrain from using them. Sites and apps want to link to your social network account to collect your data from your social network.
  • Have a dedicated email account just for online dating.
  • Do not give out too much information online. Never share your full name, address, or place of work.
  • Avoid using the same username that you use for other online services because someone could use it to track you down. Use a separate username and also a different date of birth while signing up for online services.
  • Restrain yourself from sharing sensitive information on Facebook and look for alternatives.
  • Share recent articles about Facebook data leak and how Facebook shares your data – your personal information with third parties.
  • Use apps that are encrypted by default.
  • Use a secure browser such as Firefox, Brave.
  • Use privacy tools like Tor that protects your identity online.
  • Instead of WhatsApp use Signal messaging app and try to get all of your friends and family on board.
  • Tweak your location settings on an app-by-app basis for more privacy.
  • Educate people about the risks that store discount card program entails. The cards are used to keep tabs on what you purchase, how often you shop and what your buying preferences are. The data is used by the chain stores to orchestrate their marketing, targeting customers with discount coupons to maximize their return business.

The participants talked about how Google has recently bought credit and debit card records from a company and is approaching other credit card companies for its own financial gain. The attendees also emphasized that companies should understand and adopt privacy by designframework.

At the end of the session, we all agreed that in order to inspire people to fight back against privacy erosion and to protect their privacy online the choice of words matters and how we say and what we say about privacy matters. We have been bemoaning the loss of privacy but appealing to others to protect privacy itself is not enough. The argument has to be more convincing than privacy for privacy’s sake. We agreed that we need to find other ways of talking about what we are losing. We also need to find positive and convenient ways of bringing privacy back.

We are thankful for the participants for engaging in a constructive and open exchange of ideas and techniques. We hope that our session gave the participants a chance to reflect and share very personal qualitative insights. We came back from the festival energized and encouraged by the vibrant and passionate community, and we look forward to taking more initiatives to help people shun indifference around issues of privacy and security.