Social literacy – does ‘karma gaming’ matter?

I have a question for all of you smart people out there. Does the fact that some people ‘game’ karma or rankings or anything you can count in social networks matter?

Here’s the context – I’m doing some work with the Drupal crew and at first blush it seems (perhaps obviously?) that Drupal.org is actually much more of a ‘social’ site than a ‘content’ site, and that many of the social and content issues we need to address might be helped along by making the activity that community members are undertaking visible – which essentially becomes a kind of ‘karma’ (a la Slashdot)

Karma is the sum of your activity on Slashdot. This means posting, moderation, story submissions. It’s just an integer in a database. The tiers are Terrible, Bad, Neutral, Positive, Good, and Excellent.

The obvious objection to this is gaming – that people will behave in a way that will increase their karma which is not necessarily in the best interest of the community at large.

There are a number of ways that you can design karma systems so that they are less likely to be gamed (see again Slashdot):

People like to treat their Slashdot Karma like some sort of video game, with a numeric integer representing their score in the game. People who do this simply are missing the point. The text label is one way we’ve decided to emphasize the point that karma doesn’t matter.

and

Yes. Karma is now capped at “Excellent” This was done to keep people from running up insane karma scores, and then being immune from moderation. Despite some theories to the contrary, the karma cap applies to every account.

And, of course, the well documented removal of the ‘top diggers’ page from Digg is another example of removing the incentive to game karma.

What I wonder about, though, is this:
  • is it just a minority of people who are compelled to have enormous numbers next to their names? 
  • is this minority behaviour *really* disruptive to everyone’s experience of the system?
When I think about my experience of Twitter – I know there are a bunch of people out there who are very interested in having huge lists of followers. I guess it’s an ego thing. For the rest of us though, we get our value from Twitter from a much smaller group of more carefully selected individuals. 
And we’re literate about ‘the numbers’ when evaluating people to include in our network. A common behaviour is to compare the ‘following’ to ‘followers’ numbers – if the ratio is screwed far toward ‘following’ then proceed with caution (or, more likely, don’t follow!)
My gut feeling is that:
  • yes, *some* people will game the system. No system you design will ever stop this.
  • making this gaming visible and traceable (you can see what people have done to achieve their ‘number’ or ranking) means that people can be discerning about the value they place on ‘rankings’
  • if people have high rankings, chance are they’ve been busy/loud in the community – their true value is really on the value of the noise they’ve been making (hopefully good noise)
  • showing rankings in order (a la Top Diggers) should be avoided at all cost.
What do you think?

Guerrilla Research – Recruitment

It’s been almost a year now that I’ve been doing predominantly ‘guerrilla’ design research. For me, this means testing in the field with a minimum of time, budget and fuss so that this kind of activity and the insight it provides is available to pretty much any client/budget/timeframe.

One of the first challenges for guerrilla design research is recruitment – the particular objective being to avoid using recruitment companies in order to reduce the cost of the project and also avoid the delay (often up to 2 weeks!) that is typically associated with recruitment.

A common approach to guerrilla recruitment is simply to rock up at a venue where your target audience is likely to congregate and to try to recruit on the spot. Typical venues might be a local Starbucks or a conference.

This is not an approach that I tend to use, for a couple of reasons – primarily because I really have to relinquish a lot of control over who I involve in my research… more than I feel comfortable with, given the responsibility that I have to my clients to provide them with useful insight. Also, sometimes the recruit briefs I need to meet are quite complex and require me to be quite selective when identifying participants. This is quite difficult to do on the fly and face to face… it can lead to either some awkward moments or spending time doing research with people who aren’t really quite right.

The approach that I have been using (and many of you are probably very aware of this!) is to use my online social network using tools such as my blog, Twitter, LinkedIn, and FaceBook. I have been pleasantly surprised by how successful this has been – on a number of levels.

Essentially how it works is that I work with my client to define a ‘call for participation’ that will be posted – the objective here is to get people interested in the research, to get more rather than less people to contact us, but hopefully mostly people who are at least close to right for the profile. I have to say, I am quite happy not to have to put together screeners any more (or review screeners received from recruitment companies). In fact… if I never saw another screener again I’d be perfectly happy :)

I do, up to a point, think about what ‘channels’ to use. As a gross generalisation, somewhere like Facebook is better for a less technical participant, where as Twitter is better for a more technically savvy participant… this is a gross generalisation though because more often than not, the people who I end up meeting are not directly in my network, but friends, family, colleagues of people in my network. This is the real power of ‘guerrilla’ recruiting, and a big reason why the ‘channels’ matter much less than having great people in your networks :) (Preferably great people with lots of friends, family and colleagues!)

To date, my experience has been that undertaking recruitment in this way has been cheaper (obviously – I don’t charge myself or my client ‘recruitment’ fees per participant), and faster (rather than weeks, recruits are sometimes filled within hours, definitely days of posting a call for participation). The most pleasant discovery has been that the quality of research participants is significantly higher than I had experienced when using recruitment companies.

In the past 12 months I’ve interviewed dozens of people and only had one ‘no show’ – and that was just a mix up with the dates as opposed to someone who just decided not to show. If you’ve done much research you know that it is not uncommon to have a day of six interviews lined up and only to get four participants to show up.

Some of the recruits I’ve had to fill have been fairly simple, but there have also been some incredibly complex briefs that I have no idea how I would have managed to effectively communicate to a recruitment company.

And the people who do turn up are fabulous – I’ve been amazed at how close to the ‘brief’ almost everyone I’ve met has been. They’ve been interested, enthusiastic, articulate and certainly not ‘professional research participants’ – the bane of any researchers existence!

Of course, you can always just take your design and show it to people in the office, take it home to your own family, show your friends – this can be very valuable. If you’re looking to do some research that is slightly more formalised, then perhaps you could consider using your own online social networks for this purpose.

It has certainly made me value even more the networks that I have in place and thankful for the great people who I interact with in these spaces.

(and, while I’m at it – if you’ve helped me with recruiting in the past year or so – thank you, thank you very much!)

Ambient Exposure

It’s been more than a year now since I first wrote about Ambient Intimacy, and in that year it seems a whole lot has gone on. Twitter continues to be the predominant micro-blogging(?) platform although Google now owns Jaiku. Presence continues to be compelling, yet there hasn’t been the growth in ‘life streaming’ that perhaps we were expecting to occur. Everyone loved FaceBook, and now many of us love to hate it. And we’re all still talking about Portable Social Networks and better tools for managing our social networks across platforms, but we’re not really seeing very much of this in action yet.

On a personal level, I’m sure that many of us have had some pretty significant personal changes in the past year. For myself, the two highlights have been moving from working with a consultancy to going freelance, and starting a family.

All of these changes in the past year have gotten me to thinking about something that I’m going to call Ambient Exposure. Exposure in terms of disclosing information of course, but also exposure in the way that a trader might think of it – a vulnerability, a risk associated with taking a position that could, potentially, result in loss or harm.

There are two key attributes of social tools social tools such as Twitter, Jaiku, Facebook and others that means that Ambient Intimacy leads to Ambient Exposure being the content you are sharing and the contacts with whom you are sharing it.

Ambient Intimacy occurs as you share your presence information and other personal information with people in your contact list – that is simple enough, and on the surface the exposure is obvious. However, for very many of us, we have taken little care in managing and really understanding exactly *who* is on our contact list. As your friends or followers list becomes progressively larger, we are less able to remember exactly who is listening – employers? colleagues? people we want to impress professionally? clients we’re currently working for? people we’d like to work for later? (just to focus on the professional aspect – there are a million potential personal minefields).

Essentially, we may not *want* to have the same level of intimacy with some people as we do with others … but do our social tools support this in helping us either be more thoughtful about who we add to our networks and who we don’t (and allowing ‘not adding’ in a way that is polite), or in allowing us to maintain awareness of who we are talking to (what kinds of people) and to isolate groups of people for various types of communication.

My Twitter account, for example, is completely public and there are lots of people ‘listening’ to what I twitter who I don’t know. There are so many of them that I can’t remember who is there or not. As this list has gotten longer I find myself Twittering more cautiously and self consciously. I don’t want to be twittering about procrastinating on a project when the client for whom I am working is ‘listening’. My FaceBook friends list, on the other hand, is more private and has a much smaller collection of people who I actually know. I feel much more comfortable sharing personal information in this space now – so even as the rest of the world seems to be moving away from FaceBook, I actually enjoy it more than ever because my exposure is reduced and my ability to be authentic is increased. (Which raises a whole other question about what is authenticity in this space, and how much authenticity is required for proper ‘intimacy’ to be sustained. A whole other blog post, that is…).

In the same way that we are not necessarily good at or able to forecast the impact of choosing to add someone to our contact list, we are similarly perhaps not good at anticipating the impact of sharing particular types of information with others.

For some reason, I felt incredibly reticent about sharing in a social space anything about what felt like the incredibly personal experience of being pregnant and having a baby. I’m quite open about it in my relatively protected FaceBook environment, but in my highly exposed and less personal Twitter and blogging spaces I’ve been a lot more restrained.

Similarly I was intrigued to observe the almost brutal honesty of Tara Hunt‘s Twitter messages in the aftermath of her relationship breakup. As someone who is highly proficient in the social space, one could only assume that Tara had given some thought to the potential consequences of such honest tweeting. I believe that at some point around this time Tara did actually change her Twitter account from public to private, possibly as a reaction to others’ response to this openness. Nonetheless, Tara knowingly continues to take what I think is a very brave stance, only hours ago tweeting, on a totally unrelated topic – ‘Better yet, if I stumble, I do it openly and spectacularly on Twitter and YOU learn too! :)’

Tara and I and probably you take these risks or precautions in the social space because we are literate in this space. There has been a lot written about young people and the risks of openness, but the rest of us need education and potentially protection from this exposure. The benefits of ambient intimacy far outweigh the potential risks of exposure in my opinion, but awareness of this exposure is important. Education is probably the best way to help people manage exposure via content, but one of the key challenges for designers in social spaces is to design tools that support awareness and management of this exposure through unruly contact lists.

See also: Gardening Tools for Social Networks

Design Ethics – Encouraging responsible behaviour

I got a call from my bank, HSBC, the other morning. The call started something like this.

Rob: ‘Hi, this is Rob from HSBC. Before I can continue this conversation I need to confirm some security details with you. Can you tell me your date of birth please’.

Leisa: ‘You must be kidding Rob. I have no reason to believe that you really work for HSBC. Why on earth would I just hand over my personal information like that?’

Now, I don’t know whether Rob was just improvising, or whether this is an official HSBC script, but it is wrong, wrong, wrong. What Rob and HSBC are doing here is treating people to NOT take care with their personal information. What is this going to do for HSBC and their customers? It’s going to make them both much more likely to get stung by fraudsters, and to both lose time and money for no good reason.

Surely HSBC should be going out of their way to educate their customers NOT to hand over personal information whenever some random person calls up asking for it.

Either way, Rob was not impressed. He did have a backup plan (I give him part of the information and he confirms the rest… which is slightly better), but he took *that* tone with me for the rest of the call. You know, that ‘you’re an irritating customer’ tone. Not a great start to the day.

You know what it reminds me of? And it’s something that more and more of us are guilty of participating in – especially those of use who are designing applications that support social networks. It reminds me of this:

Facebook - Find Friends

This is the ‘find friends’ feature that we’re seeing on more and more sites (this one is taken from Facebook) where we are blithely asked to put in the full log in information for our email accounts, or our IM accounts or our other social network site accounts – and, more often than not – we do!

Now, clearly there is a big incentive to do so because these kinds of applications work well only when you’ve managed to connect with the people you know and care about, and using existing information like the contacts from your email or IM account makes this reasonably painless. The application does most of the work for you.

But do we really realise what we’re handing over when we give this log in information away? Do we realise how much we are trusting Facebook, for example, to play nicely with that information? Think of all the email and IM conversations you’ve had that are accessible using these login credentials… now think about the level of security at somewhere like, say, HM Revenue & Customs (where they recently ‘lost’ the personal information of millions of UK taxpayers), and now think whether somewhere like Facebook would have better or worse security… both now, and potentially in the future.

Sure, they *say* they’re not going to store or use that information… but are you really willing to take them at their word? Are you willing to TRUST Facebook (or any other site) that much?

We don’t really think much about this when we’re giving away our username and password, do we?

And why not? Because, just like Rob at HSBC, it’s almost as though we’re being pressured into just handing over the information otherwise we’ll get inferior service (and/or an attitude). We’re actually being trained to believe that handing over this information is the RIGHT thing to do.

Brian Suda calls this ‘Find Friends’ form an anti-pattern. He says in a recent Sitepoint article:

Another pitfall that you’ll want to avoid is sites that ask for the login details for your email account. This is a huge security hole. By handing over this information, you’re giving a random provider access to all your emails and friends, not to mention access to APIs through which they could edit and delete your information. And, as none of us want to admit, we often use the same passwords for many different services. Provide your email password to a site, and its owners can not only get into your email, but possibly your bank accounts (and a bunch of other services) as well. You should never give your password to anyone! Creating assurances of privacy lulls us into a false sense of security — it relaxes us into thinking everyone can be trusted and everything will be safe. This bad behaviour is exactly what phishers love to prey upon.

Enter design ethics. If ethics plays any part in the way that you’re designing your application or website, then this should be raising hairs on the back of your neck… you should be thinking that this is not right and that there is probably something you should be doing about this.

In fact, there are at least TWO somethings that I think we should be doing in this situation.

  1. The first is that we should be doing our best to help our customers/users/members to protect themselves. We should be educating them about the risks of handing over this kind of information and we should NOT be normalising this kind of behaviour.
  2. The second is that we should be looking for and encouraging alternatives to this ‘find friend’ functionality and we should be encouraging our clients/companies to opt for implementations that help our customers/users/members be more secure.

The kind of alternative that we should probably be looking for is something like OAuth which is an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. It is designed to help you get the information you need to give your end users a good experience without asking them to hand over personal information, like a username and password. Check out this demo of the current user experience. As far as I know, OAuth is not live on the web anywhere yet, but its cousin, OpenID is starting to be more widely adopted.

Of course, if we all had portable social networks, then that would also make things an awful lot simpler and more secure but it all seems quite a way off yet… why so far off you ask? Well…
So far, however, the drive to develop and promote these more secure alternatives is very much being driven by the more technical people on the web. There are lots of scary sounding discussions around exactly how these methods should work. Designers are, for the best part, not to be found in these conversations.

This is problematic from couple of perspectives.

  1. Firstly – if anyone is going to be able to drive the uptake of something like OpenID or OAuth, then it is going to be UX people, the people who are designing the experiences and making recommendations about what constitutes a good experience. Unfortunately, too often by the time the techies get a look in, all the functional decisions have been made and it’s too late to retrofit what would potentially be a much better solution for our end users. We have a responsibility to know about these things and to promote them.
  2. Secondly – from a user experience perspective, there are a lot of challenges to be found in OpenID and OAuth, primarily because you need to educate people about what is going on and also because you are typically moving them through quite a complex flow – including from one site or application to another and then back again. At the moment, the user experience of OpenID and OAuth are far from ideal, but rather than using this as a reason not to work with them, we should be seeing this as an opportunity to engage with these design problems and to use our experience and expertise to help get the user experience as good as it can be.

At any rate – looking after the security of our end users is now very much a part of the responsibility of the designer – whether it is through helping to educate those end users not to hand over information irresponsibly, or by guiding our clients/companies to use methods that better protect our end users. We need to be engaging in these discussions and helping to guide them both from the perspective of the businesses we’re working with as well as in the ongoing technical discussions about how these technologies work.

I think we have a responsibility to help protect our end user, even from themselves. To ignore this responsibility is unethical.