Designing for Privacy, or teaching safe practices

In setting up various ways to call the blog, we need to make choices about how to design the system interface to protect callers’ privacy. The default settings of all the services we have been using display the phone number of the caller. Sometimes it is displayed as the post’s subject, sometimes it is used as the name of the sound file containing the voice mail, or it shows up as part of the poster’s email address.

Displaying phone numbers is clearly not a good idea. If nothing else, that exposes callers to receiving spam calls, which they would have to pay for under the US cellphone charging schemes. And we can all think of many other bad things that could happen. So we want a way to hide our users’ caller-ID.

Our first inclination has been to hard-code the system to strip out identifiable information. We can discuss different ways to do that: either remove the phone numbers altogether, hide the last few digits, or encrypt the number into a random digit sequence. Some of these approaches make it possible to group calls coming from one person/number onto a single page, while still hiding their identity. We may want to be able to do that at some point.

But there is another way to avoid displaying numbers: we could instruct our users to dial *67 before they call the vozmail, thus concealing their caller-ID. The risk is that they might forget. The site managers can always go in and edit out the numbers, but that is not foolproof and could quickly become cumbersome as traffic picks up. Could we perhaps write a program that flags posts containing identifiable information and holds them for approval by an editor before they get posted?
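The three stripping options above (remove the number, hide the last few digits, or turn it into a consistent pseudonym so one caller's posts can still be grouped) and the "flag posts that still contain a number and hold them for an editor" idea can all be built from one small filter. The following is an added example, not code from the vozmob project; it assumes the gateway hands us each voice mail as a dict with `subject`, `body`, `attachment` and `author_email` fields, and that the caller's number shows up in the subject, the file name and the local part of the e-mail address, as described in the post. The sample post and the key are constructed for the example.

```python
"""Redact or pseudonymize caller phone numbers in voice-mail blog posts.

Constructed example: assumes each incoming voice mail is a dict with
'subject', 'body', 'attachment' and 'author_email' fields (hypothetical
field names), with the caller-ID leaked into several of them.
"""
import hashlib
import hmac
import re
from typing import Optional

# North-American-style numbers: optional +1 / 1, then 3-3-4 digits with
# optional separators. The lookarounds stop the match from bleeding into
# longer digit runs such as timestamps.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"
)


def normalize(raw: str) -> str:
    """Reduce a matched number to its ten significant digits."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits


def mask_last(digits: str, hidden: int = 4) -> str:
    """Keep the leading digits and hide the trailing ones."""
    return digits[:-hidden] + "*" * hidden


def pseudonym(digits: str, key: bytes) -> str:
    """Keyed one-way token: the same number always maps to the same token,
    so one caller's posts can be grouped, but without the key the token
    cannot be turned back into a number (a plain unkeyed hash could be
    reversed by hashing every possible ten-digit number)."""
    tag = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()
    return "caller-" + tag[:12]


def redact_text(text: str, mode: str = "remove", key: Optional[bytes] = None) -> str:
    """Rewrite every phone number in text according to mode."""
    def replace(match: "re.Match") -> str:
        digits = normalize(match.group(0))
        if mode == "remove":
            return "anonymous-caller"
        if mode == "mask":
            return mask_last(digits)
        if mode == "pseudonym":
            if key is None:
                raise ValueError("pseudonym mode needs a secret key")
            return pseudonym(digits, key)
        raise ValueError(f"unknown mode {mode!r}")
    return PHONE_RE.sub(replace, text)


def contains_identifiable(text: str) -> bool:
    """True if a phone number is still present in the text."""
    return PHONE_RE.search(text) is not None


POST_FIELDS = ("subject", "body", "attachment", "author_email")


def hold_for_review(post: dict) -> bool:
    """The *67 workflow: let posts through, but flag any where the caller
    forgot to hide their number so an editor can approve it first."""
    return any(contains_identifiable(post[f]) for f in POST_FIELDS)


def sanitize_post(post: dict, mode: str = "remove", key: Optional[bytes] = None) -> dict:
    """The hard-coded workflow: strip the caller-ID from every leaking field."""
    clean = dict(post)
    for field in POST_FIELDS:
        clean[field] = redact_text(post[field], mode, key)
    return clean


# Constructed sample: 555-01xx numbers are reserved for fiction.
SAMPLE_POST = {
    "subject": "12135550123",
    "body": "New voice mail. Caller said: call me back at (213) 555-0123.",
    "attachment": "12135550123.wav",
    "author_email": "12135550123@voicemail.example",
}

if __name__ == "__main__":
    print("hold for review:", hold_for_review(SAMPLE_POST))
    for mode in ("remove", "mask", "pseudonym"):
        print(mode, sanitize_post(SAMPLE_POST, mode, key=b"constructed-demo-key"))
```

In pseudonym mode the key must be kept out of the published site and its backups: anyone holding it can recompute the token for any guessed number and so re-identify callers. Masking keeps the area code and exchange visible, which already narrows a caller down to a neighbourhood, so for a public site the remove or pseudonym modes are the safer defaults.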

However, there are benefits to teaching people about dialing *67: beyond vozmob, this is a useful thing to know when they make phone calls (think about hiding your identity from telemarketers, or even making anonymous inquiries to a government agency…). So, having a system that displays caller-IDs, but provides users with a way to override that, can provide ‘teachable moments’. After all, popular education is one of the project’s goals.

Curious to hear what you think.


2 thoughts on “Designing for Privacy, or teaching safe practices”

  1. I just turned off the broken transcoding from wav->mp3, and enabled forwarding of the audio files to the site. So audio calls now appear as attachments in new blog posts, and the files sound fine. Example:

    You can see all the junk that gizmo adds in the body of the message, so we need to strip that out, and you can also see my phone number as the filename, as described above.

    I tried dialing *67 beforehand to anonymize my call, but unfortunately when I did that, instead of the vozmob message I got a gizmo voice asking me for a PIN number. So perhaps anonymous calls are disabled in the gizmo account? Unless we can change that, if we want anonymity for callers we will have to write a script to strip their phone numbers from the file titles.
