Better patterns for helping users understand software permissions feels like an imperative; somewhere a lot more technical, design and research thinking should be directed.
By permissions I mean ‘what bits of software are allowed to do with data and input/outputs’, and the mechanism by which a user is informed of those things.
It’s a hard problem that is getting harder and more important:
We have more private data on the web. We have more devices and organisations to move data between. We have devices and web technologies that can do a lot more than they could a couple of years ago. As the number of digital organisations and the number of personal/home things with IP addresses increases it will only get harder, and there is not yet a convincing set of permission patterns for any of it.
We need interaction patterns that enable knowing permission (to steal a phase from Francis’ post on online advertising and privacy)
This is a hard UX problem because it probably requires making overall interactions harder or jerkyer or inconsistent so that someone understands what is happening to their data or what sensors are being activated on their devices.
The most-used patterns we have for explaining what a bit of software is allowed to do, that of Facebook and Google Play store apps, are full of the sort of anti-patterns you get when the custodian of the UI for permissions can gain from you interpreting them in a particular way.
My guess is that most people currently don’t understand and don’t care that they don’t understand; but I think this is an area that needs some future-proofing - the consequences of not knowingly understanding might sneak up on us one day.
Another is more research into what interfaces help people understand what is happening to their stuff, regardless of if they currently know how important their stuff is, while still remaining useable. Sounds like a good definition of a wicked problem.