This post could be titled “The Almost Perfect Way to Make a Security Change on a Social Site”
This morning I got the following email from Etsy. We sell some templates there so this is in reference to a new site feature that will go live in the next few weeks:
Now, upon first reading this, you might think “Awesome – Etsy actually notifies their sellers IN ADVANCE about a feature that might affect their privacy, security, and usage of the website. What a marvelous approach.”
But look closer… yes, they are telling us in advance. Yes, there will be an opt-out checkbox AFTER the feature goes live. Sigh….. so close, yet soooooooo far away from doing what is ultimately in the user’s best interest here. Etsy should have:
- Planned to make the feature OPT-IN only
- Sent the great email above, describing what’s happening and how to opt-in
- Altered their privacy policy to reflect the changes, as they have done
- Set all users up to NOT automatically be using the new feature (disabled by default)
- Done whatever marketing is necessary to convey the benefits of the feature after launching it
But they didn’t, and just like Facebook’s new privacy setting automatically enabled for all users the other day, they have not done the right thing by the population at large. When will these companies ever learn the boundaries of user experience, security and privacy???
Etsy has recently made all users real names and purchase history available on the web. They can be searched from google (I checked). They are also refusing to contact buyers to alert them to this change. They do allow names to be changed, but only with a two day waiting period. There is a thread on their forum about it here http://www.etsy.com/teams/7718/site-help/discuss/6811996/page/1 where they have refused to respond to serious concerns for customer privacy. Since Etsy is refusing to tell notify its’ members, please help me get the word out to them by posting on your website. Thank you.