Ubuntu Wiki

From The Art Of Community by O'Reilly (http://www.artofcommunityonline.org) by Jono Bacon

Anonymity and Privacy

The act of measuring community is an exercise in gathering information about other people and drawing conclusions. Some of this data will be generic to the community as a whole (such as statistics about mailing lists or forums) and some will be specific to an individual (such as a response to a survey). When data can be directly linked to an individual, the subject of anonymity and privacy steps into view. Although at first these two topics may seem like they could potentially cause problems if you put your foot down wrong, their guidelines are simple. Let’s talk about them both now.

Anonymity

Anonymity is a valuable tool when gathering feedback, particularly around contentious topics. If you are gathering feedback about a particular governance body in your community, many people may feel uncomfortable with associating their views with their identity. For this reason, anonymous feedback can be a useful option. There is a dark side to anonymity, though. The Internet has long proved that when identity can be hidden or obscured, all manner of whack jobs and nutcases want to be your friends or, rather, your enemies. In the world of the Internet, the quote from the 1988 movie The Dead Pool really resonates: “Opinions are like 455|-|0L35, Everybody’s got one and everyone thinks everyone else’s stinks.” If you open an avenue for people to share their views online...expect anything and everything.

Anonymity creates two major risks. First, when identity is hidden, some jump at the opportunity to be rude, arrogant, and sometimes outright offensive. These people are often referred to as trolls in online communities. The second, subtler problem is that anonymity will sometimes cause people to overstate their concern with an issue: they will often dial up the annoyance factor to 11. This means that you get a misrepresented perspective, and this can skew your aim of getting genuinely representative views from the community.

With this we have a difficult balance: there is value in anonymous feedback, but there is a significant risk of trolling and overstated unrepresentative perspectives. How do we find a balance? A simple solution is to welcome anonymous data, but be cognizant of what it could represent. Therefore, when conducting your research, you should encourage a combination of feedback with identity attached in addition to anonymous feedback. Consider the example of running a survey to assess the quality of experience of a contributor joining your community. I would recommend that you have two identical surveys: one is directed to the 10 most recent people who have joined your community, and the other open to anyone. When evaluating the results, treat the survey that you directed to particular people as the most valuable input, but still consider highly the results of your other survey. Combining the results of both surveys is likely to produce a balanced perspective.

Before we move on, I just want to dispel the myth of anonymity on the Internet. This all boils down to a simple rule:

• No one is anonymous on the Internet. No one. (Yes, that includes you super-elite hacker types, too.)

In the online world it’s tempting to believe that you are anonymous, but so-called “anonymity” is merely a carefully constructed set of abstractions that ultimately puts most people off trying to discover your identity. These barriers always have a trail, though, and if someone tries hard enough, he could break down the barriers of anonymity. The value and risk of anonymity is hugely dependent on what kind of community you are building. If you are building a small local knitting community to meet, share patterns, and enjoy each other’s company, it is unlikely that anyone is going to work too hard to break anonymity. If you are involved in a technical community based around security and hacking, some will see your anonymity as a challenge. In more technical communities, as well as communities dealing with sensitive issues in politics or health, you may have a harder time soliciting anonymous feedback for fear of others finding out.

Privacy

The middle ground between anonymity and full public disclosure is feedback provided with an identity under the proviso that it is kept private. Maintaining this level of privacy is an important consideration when handling anyone’s information, and particularly important when handling sensitive information around conflict. Privacy is sacred. It should never be comprised, and when you engage with someone who shares private information, you become responsible for that information. As such, you should ensure that you have a suitable means of securing that privacy. This does not need to include super-technical encrypted emails and retina scans to get into your laptop, but simple processes that will ensure that your respondents have confidence in you keeping their information to yourself.

The most fundamental underlying step here is that people trust you. It doesn’t matter what procedures you put in place to stop leaks; if people don’t trust you as a warm body, they will not entrust their thoughts to you. As we discussed earlier, you should always build a sense of trust and confidence in your community. You should then build on this trust with methods of gathering feedback that are secure. As an example, I was once performing an assessment of a governance body and wanted to gather feedback from each of the members on the body. I was keen for this feedback to be brutally blunt and honest, and to do this I made a few conscious decisions:

• To ensure privacy, I did not use a public resource such as a wiki or forum to ask for the feedback, but instead requested it to my private email address. This meant that all submissions came directly to me.
• I was explicit in the email that the information provided should be frank and honest and that the answers would be subject to absolute privacy. I made it clear that the feedback would not be shared either publicly, with the other members, or with other third parties.
• I sent the email to private email addresses, not an email address associated with the commercial sponsor. This would remove any conspiracy-theory worries of someone snooping on email on a mail server (which would be inconceivable in a practical sense, but I just wanted to calm any possible worries).
• I sent the questions individually to each member, as opposed to using either CC or BCC to send them. This ensured there would be no accidental Reply-All gaffe in which one member’s feedback would go out to the other members.

Each of these steps was subtle but important: they helped to secure confidence in the respondents so they could provide me with the honesty of feedback that I required. It worked, and I got some excellent feedback in that assessment. The last bullet on the previous list was all about reducing the possibility of a gaffe. These accidents and mistakes have happened to us all: accidental emails, phone calls, and messages sent to the wrong people with sometimes embarrassing consequences. These gaffes are bad enough in nonsensitive situations, but when we are dealing with private data, they can be very serious. As such, you need to ensure you are aware of possible gaffes and try at all costs to avoid them.

As a starting point, here is a gallery of what not to do:

Email

In an email discussion about private topics, always check who is receiving the email. This is particularly risky these days with auto-completion. Believe me, I speak from experience....

Mailing lists

Always double-check that when having a private conversation, someone hasn’t included a mailing list address. This happens a lot more often than you would imagine.

Blogging

When you hear that exciting piece of news that someone tells you, ask first if you can blog it. Many have fallen foul of blogging private information. That never ends well.

Phone calls

When discussing private topics, check who is around you. There may well be members of your community you don’t know who are listening to every word.

Online chat networks

Before you talk to “jon_c” online about some private topics, just double-check it is not “jon_o” or “ron_c”. That could get you in quite a pickle. With a careful consideration of the expectations and risks surrounding privacy, it is likely that you can gather your feedback with no ill consequences. The key thing here is to think before you do. Checking that list of email addresses once more may take 10 seconds, but could prevent years of potential embarrassment.

Moving On (Summary)

In this chapter we have explored many of the methods in which we can open up our community to take a peek inside. We have discussed the opportunities and pitfalls associated with measuring community, and this chapter should have provided you with a firm foundation in which to gather data that can help you optimize your community and make it more efficient, pleasurable, and productive. Now we are going to move on to discuss one of the most important elements of community, particularly in large and growing communities: governance.