Facebook Reality Labs head Andrew Bosworth released an internal memo, entitled “The Big Shift,” which underlines why the company needs to start building products now that better balance user privacy and user experience.
Even before Facebook moved to require all new Oculus users to sign in with Facebook, Oculus headset users were rightfully worried about the company’s treatment of user privacy. Facebook has a long track record of privacy scandals, including the Cambridge Analytic debacle, mass surveillance, and the amplification of misinformation (aka ‘fake news’). There’s more, but the list is comically long.
Virtual and augmented reality opens new, more intimate windows into user behavior though, with biometrical data obtained from VR/AR devices offering important vectors for understanding what makes each individual tick. It’s a treasure trove of user data which has largely gone untapped (and unleaked, as far as we know), but it won’t always be that way.
Now, Andrew Bosworth, the head of Facebook’s AR/VR Reality Labs team, is calling on his colleagues to put user privacy at the core of its products. The ‘Big Shift’ memo, seen in part below, was obtained by Big Technology, and first reported by OneZero.
“Starting in January we are changing the way we approach product development in FRL. Instead of imagining a product and trimming it down to fit modern standards of data privacy and security we are going to invert our process. We will start with the assumption that we can’t collect, use, or store any data. The burden is on us to demonstrate why certain data is truly required for the product to work. Even then I want us to scope it as aggressively as we can, holding a higher bar for sending data to the server than we do for processing it locally. I have no problem with us giving users options to share more if they choose (opt-in) but by default we shouldn’t expect it.”
In the memo, which was released December 22nd, Bosworth says he doesn’t simply aim to meet today’s expectations for user privacy, but wants to “differentiate our products on the basis of privacy. Let other companies scramble to keep up with us.”
Bosworth, a 15-year Facebook veteran, first joined Microsoft in 2004; it wasn’t the same Microsoft we know today, but it was changing to prioritize user security in the face of a long history of ostensibly leaving virus and malware protection for third parties to sort out. Bosworth says in the memo it was due to “decades of buffer overruns and unchecked dereferences in a sprawling code base.”
After his one and a half year-stint as a software designer at Microsoft, Bosworth says public criticism pushed the company to reprioritize security, which helped make it the trusted leader in the field as it is today.
“Today Microsoft is considered perhaps the most trustworthy software vendor in the world. It is trusted by an overwhelming majority of enterprise companies. Having been on the outside since 2005 it was impressive to watch their persistence yield a gradual but definitive shift in their reputation. I think this is a model for us at Facebook. We should become the undisputed leaders in providing privacy aware software.”
Bosworth disagrees with the view that Facebook doesn’t care about balancing privacy and user experience, but he says that due to a recent shift in public sentiment, the company must “consider the consumer experience holistically rather than at optimizing for each individual feature.”
Facebook now offers a new set of privacy functions which reveals what data the company is collecting when you use its VR devices. That’s moving in the right direction, however it’s clear the company as a whole still isn’t working on the same wavelength. This month alone Facebook has faced a major backlash due to its mishandling of WhatsApp user privacy.
“The next step is for the priority of privacy to permeate the entirety of our culture, we’ve made inroads here but we have a long ways to go. Privacy Review should become a simple housekeeping exercise unless we detect further shifts in public attitudes towards privacy.”
Whether it was intentional or not, Bosworth’s memo strikes at the heart of the matter: companies of size simply don’t act in your best interests when given free reign, and users need to prioritize privacy over user experience if they want to push entities like Facebook in that direction. It’s supposed to be a ‘Big Shift’ in the way Facebook currently operates, and we can see why.
“With new culture and new tools, [and] a concerted effort to revisit old products, we are on a long road to redemption. We shouldn’t expect any credit before it is due and perhaps not even until a good while afterwards. But we should nonetheless feel proud of the shift we are undertaking and confident in our ability to see it through.”
Facebook declined OneZero’s request to comment on the contents of the memo.
We’ve included the majority of ‘The Big Shift’ in this piece. You can check out the whole, unedited version here.