I discovered Swift on Security, a parody twitter account combining Taylor Swift and online security after last month’s celebrity photo leak. While many blamed the victims for taking the photos in the first place and allowing them to be backed up on iCloud, Infosec Taylor Swift put the blame on Apple and other tech companies for, among others, making privacy defaults not private enough. Two days ago, Ms Swift posted a story about a fictional Jessica, a teenager who needs to be online, knows she needs to care about cybersecurity, but doesn’t quite know how.
Go read the post, it’s OK, I’ll wait.
Responses on twitter have been varied. Some support the opinion that we cannot really expect everyone who goes online to fully understand security and it is the tech companies’ task, no, duty, to offer that protection. The other end of the spectrum is that the user is responsible for all privacy and security settings, something that I think is getting harder and harder to do.
What I really liked about this post is that it illustrates so accurately one of my product management mantras: you are not your user. Reading the story of Jessica and the way she tries to deal, or not, with online security. Here are just some of the points worth thinking about as a PM:
- Your user does not understand everything about your product and doesn’t necessarily want to. They will not dig deep into every feature nor will they read the manual. Make it easy for them to get what they need out of your product, not what you want them to. They might want to get only a small benefit out of your product, far less that what you, perhaps, would like. Allow them to use a limited feature set and be smart about when to entice them into new features. Don’t blame user for not taking advantage of all the options, or even knowing about them.
- Your user might not be a “power user.” Instead of being a marathon runner, they might use your fitness app for tracking steps in the office. Instead of being a master chef, they might cook one meal a day. Instead of sharing ten photos a day, they might be sharing one a week. Will your product work for both ends of the spectrum? Do you want it to?
- Don’t blame your user for “using it wrong.” Many interesting products and features were developed when users used products not in the way intended. Observe how users use your product, maybe they’re on to something.
- Privacy and security are an issue with every online product or mobile app. Don’t blame user for not fully understanding privacy, but do make it easier to understand. Track how users are changing their privacy settings, if at all. Yes, we all need user data to make a living, but make sure the user knows what your product is tracking and how to control their data. Try not to hide it deep in the EULA. (Yes, I know this reeks of unicorns. Just try.) Think about security when you design your product. Help your users keep their data, at least with you, secure.
Oh, and you are not your user.