Figure 1 – The Johari Window devised by Joseph Luft and Harry Ingham

The Johari Window is a model for describing personal awareness types and human interaction.

Quadrant A: encapsulates personal awareness and a wish to share information with others, for the purposes of simplicity assume this means publicly.

Quadrant B: encapsulates personal awareness of a different type. The motivations for concealment are plentiful (bad habits, competitive advantage, Machiavellianism, protection of personal interests etc.). The size of this box tends to diminish as trust relationships expand, however I contend: a) there are many types and levels of concealment implied here and b) many different levels of trust in different social circles.

Quadrant C: encapsulates weak personal awareness and misinterpretation (we assume others see us as we see ourselves, but this is not the case). This quadrant (in the context of Social Networking) provides an interesting opportunity for introspection and awareness development from social feedback, Social Network Analysis and sentiment analysis. This is a box full of brambles!

Quadrant D: Donald Rumsfeld’s infamous Known Knowns speech of 2002 sums up this quadrant.

A Prophetic View

Just under two years ago I wrote a somewhat prophetic article concerning Privacy and Social Networks in which I argued for the need for additional privacy controls and multiple walled gardens within social networks. Facebook lists were a crude approximation, but Goolge+ Circles now excel at delivering the concept. A sister post in February 2010 discussed Social Search and the Integrity of the Social Graph, concluding that Google was heading (with purpose) into the Social Networking space.

What I said back in January 2010:

Visualisation of Social Network privacy controls is poor. The granularity of access controls is too coarse. My solution would be creation of (either my privacy “Onion model”) or perhaps more simply a ‘radar’ or quadrant model on which connections could be placed within ‘trust zones’ (by dragging and dropping them onto the appropriate region). Configuration is half the battle, and visualisation of the resultant privacy controls effect is essential. This is where current controls are weakest. I also want multiple walled gardens to play with (where I could segregate user groups) and ensure no (uncontrolled) information leakage between…

A trust and privacy ‘radar’ would be equally interesting, with those closest to the centre having the greater trust relationship and access to more personal data.

The Johari Window and Google+ Circles

Figure 2 – The Google+ Circle Model

I have a number of Circles within Google+: Friends, Family, Acquaintances, Scientific Community, Social Media, Politics, Techies etc. There is also a ‘Public category’ which maps neatly onto Quadrant A of the Johari Window.

Quadrant B maps neatly to the different circles (Friends, Family etc.). This creates controlled separation, where I can isolate various topic discussions. This helps prevent Family members from being bored by discussions about Social Network Analysis or Social Psychology! Equally it saves Scientific Community colleagues reading my latest views on the European Union. There is a great deal more depth to this than simple ‘separation of interests.’ Despite what we may think, as multi-dimensional beings, we do not necessarily want everyone in cyberspace or our social sphere having a complete 360 degree view of our personality, interests or social connections.

Quadrant C could make for a ‘fun’ social network game – tell me something about myself that I don’t know, but you do know. Play at your own risk!

Quadrant D is ripe for Reality Mining as long as there is a digital footprint.

The Johari Window provides an interesting thinking framework on which to base an approach to online privacy protection and information sharing across social groups.

Extending the Johari Window for Privacy and Reputation Protection

I propose an extension to the Johari Window (as depicted in Figure 3). As information flows into a Circle we lose control of it. We must assume that we have chosen Circle members well and that each member will understand (and abide) by our privacy wishes in respect of that information. The obvious drawback however is that there is no adequate meta-data associated with the shared information to indicate to Circle members what is ‘allowable’. Perhaps Google will introduce ‘Circle Contracts’ to stipulate between parties what is acceptable!

Adding an A+ box (Figure 3) recognises that there will be information which I am happy to be disclosed by people acting as relays between Circles with no restrictions.

Box B+ recognises information disclosed to certain Circles must stay within that Circle or may be selectively disclosed to other Circles (not under my ownership) which meet certain membership/privacy criteria. There is currently however no way to express this (or manage disclosure across ‘logically chained Walled Gardens’).

Box C+ recognises that there is information about myself of which I am unaware, and would be happy about being disclosed. If it is information which may be publicly disclosed, it fits within box A. If it requires restriction per ‘Walled Garden’ or Circle, it fits within box B.

Box C++ recognises that there is information about myself of which am I unaware, and would be unhappy about being disclosed. This box is ripe for Reputation Protection.

Boxes C+ and C++ are interesting as I would be theoretically unaware of my privacy requirements until the information is disclosed (of course heuristics could be employed).

Boxes B, B+, C, C+ and C++ all have potential for information leakage. As Circles and Networks are highly interconnected, chances are the information could reach parties which you would rather not see it.

Extending the Johari Window and applying this thinking technique to online privacy within Social Networks is useful in terms of surfacing complexity and also challenging personal views of requirements for information management.

Figure 3 – Extending the Johari Window

[source: Steve Nimmons]

“Privacy is an onion” (patent pending maxim); it is situational, temporal and multi-dimensional. Perhaps said axiom should be recast as a ‘genetically modified onion’.

Perusing articles on Facebook privacy control changes from a well-known security company, there is the revelation that “no private information should be on the Internet”. A wise statement for an information security purist, but what constitutes ‘private information’, to what degree is it fluid and are the controls within Social Networks sufficient to allow us to restrict access in the ways we demand / require? What are the ’sociological norms’, and what of ’super-social’ libertines (such as I) that have exceeded Dunbar’s Number by a magnitude of 700%?

How does information aggregation affect risk and perception of privacy control – are we at risk through inference channels in the Social Network? How do we perceive and manage trust? With rigour, paranoia, neutrality; is it earned, easily lost. How do we convey this and ensure our privacy is being managed accordingly? This brief set of questions hints at the complexity: cultural and emotional; qualitative; psychological; behavioural that guides our experiences online. Are Social Networks really equipped to meet sophisticated information management demands from a savvy user-base? How will they augment existing controls to facilitate virtual world technologies and context aware devices that would provide further “locational” (excuse the Social Computing neologism) and situational information?

Today’s Social Network (I take Facebook as a pervasive example) is a walled-garden (in general terms). Most users create a ‘private’ profile and control access by granting or denying friend requests, which can then (by and large) see profile information, pictures, status updates and other friend connections (there are nuances, but for brevity I generalise). My ‘bug bear’ with this model is a) poor visualisation of what effect the setting of privacy attributes has b) it’s not more walls we need, it’s more gardens! I shall elaborate on my latter ethereal viewpoint. Going back to trust, you may trust someone implicitly in the office, but don’t want to entrust them with private information in a personal Social Network. Trust and privacy are also really inter-woven concepts. There are also gradations of trust. For example I might trust someone based on their profession (doctor, airline pilot), but there is a limitation in the trust.

I might trust someone with another career background differently, or the trust may be quite neutral. We need more trust and privacy zones (which need to be explicitly defined and explicitly visible) to place individual connections inside a more sophisticated information handling model within the Social Network. In a rudimentary sense this exists with “Friend’s Lists”. These can be created in Facebook and ‘friends’ added to multiple lists which can then be used to permit or deny access to information at a group level. I term this ‘rudimentary’ as the configuration is somewhat arcane, and the visualisation of the result is best described as disappointing, a point to which I shall return.

Aggregation of information and how this affects risk exposure and privacy concerns are also interesting. Simplistically it might be argued “have a sparse profile with little personal information and this is a non-issue”. Whilst logical from a simplistic perspective, consider the aggregation of information from interaction, commentary, and chat services (etc.) and over time information aggregation becomes an increasing concern. I have also (of late) been thinking about the risk of “Inference Channels” in Social Networks. Database and data mining “theorists” will be familiar with this concept. Without diving into a treatise on Claude E Shannon and Entropy Theory, suffice to say this is concerned with deducible links through network connections and whether knowing about a set of relationships (perhaps even individual pieces of personal information) could lead to the discovery of inferred or elicited relationships or information. This may of course be entirely benign, but the Inference Channel has an implied risk that ‘unknown information’ will be discovered through analysis of multiple relationships (as I mention a known concern in highly secure database systems). A subject on which I have written (at some length) is also the opportunity for Social Engineering and leveraging elicited information for nefarious purposes. I am satisfied that the corporate world is generally cognizant of such risk, but wonder if more could be done in terms of “general public education.”

Risks have a tendency to multiply rather than divide, and the unrelenting pace of Social Network development leads me to concerns over a number of “emerging technologies”. Those that read my recent predictions on Social Network developments will have noted my belief that virtual world technologies will augment the rather unsophisticated and stifled ‘networking’ model that we have today. Context Aware devices will provide further enrichment, but both enrich not only networking experience but also the quality of personal information (now situational) that might ‘leak’. The Social Network’s model for configuring privacy controls, defining trust relationships and visualising the result is not equipped for this (I think it barely struggles with today’s limited demands).

Control, visualisation, predictability have been central themes of my ‘critique’ of existing offerings. I therefore close by suggesting a few improvements and opportunities for development and research in this area:

1. Visualisation of Social Network privacy controls is poor. The granularity of access controls is too coarse. My solution would be creation of (either my GM Onion model) or perhaps more simply a ‘radar’ or quadrant model on which connections could be placed within ‘trust zones’ (by dragging and dropping them onto the appropriate region). Configuration is half the battle, and visualisation of the resultant privacy controls effect is essential. This is where current controls are weakest. I also want multiple walled gardens to play with (where I could segregate user groups) and ensure no (uncontrolled) information leakage between. So my ‘quadrant model’ needs to work in three dimensions!
2. A trust and privacy ‘radar’ would be equally interesting, with those closest to the centre having the greater trust relationship and access to more personal data.
3. Inference Channels are ‘tricky’ due to the myriad of links, attributes and permutations affecting such. I continue to read widely on the subject and would welcome comments on how this might be best addressed. One area that would be interesting to research further would be ‘real-time risk advisors’ (as an example) on chat services seeking to warn users when the aggregation of personal information across “conversations” reaches a certain threshold. This would have numerous applications.

Finally, I hope my musings have not dissuaded anyone from participating in ’speculative networking’. We don’t agonise over privacy concerns before exchanging business cards, so with a degree of care and attention pro-active and speculative Social Networking can be beneficial. But remember, I am a self-confessed libertine!

This article first appeared on the Atos Origin CIO / CTO Blog in January 2010.