Privacy Practices | Privacy & Free Speech: It's Good for Business

Do we provide users with notice and get their consent before installing or updating software or features?

Making it as easy as possible for users to install or upgrade their software or use new features can be beneficial, but keeping users in the loop about changes is just as important. Users want to have notice and an opportunity to consent before any significant changes take effect. Both Sony and Google learned the hard way that users do not like their software to contain silent, hidden surprises.

Notify users and gain their consent before installing or updating products. Most users will embrace new or improved functionality as long as they are aware of what they are getting. Giving users choices before making changes will allow them to voice possibly legitimate complaints as well as prevent controversies when new features have unforeseen consequences.

Sony: Shipping CDs with an aggressive digital rights management (DRM) program that installed itself on users' computers without their permission was a big mistake for Sony. The company was targeted by multiple class-action lawsuits and blasted in the media. Sony was forced to recall the CDs and pay millions of dollars in compensation to its users.

Activate auto-update only with user consent. Most users will happily activate a feature that keeps their software up-to-date without requiring any effort on their part—but some will be less than pleased if such updates happen automatically without their knowledge or permission. Avoid dissatisfaction by making auto-update an opt-in process.

Google: The company was pilloried in the press for making millions of its Google toolbar users vulnerable to a malicious software attack because of its toolbar's silent, automatic update mechanism. In 2006, a researcher found a flaw in the toolbar update mechanism of the Firefox browser. But since the Google toolbar software, unlike that used by Yahoo! or Facebook, did not provide notice to and obtain consent from users prior to updating the toolbar, Google toolbar users who used the Firefox browser could not control when the toolbar was updated and faced increased risk.

Distribute updates and new products separately. Using an update to push out new, unrelated products can result in negative press and may cause users to lose faith in security update tools. Encourage users to install or use your great new product voluntarily—don’t trick them into it by attaching it to an update for a service they already use.

Apple: When Apple released its Safari 3.1 for Windows Web browser, it wasn’t content to simply promote its new product. Instead, it released the browser as an "update" to its popular iTunes music software, causing many iTunes users to involuntarily install Safari. Critics claimed that Apple’s behavior "bordered on malware distribution practices," driving Apple to clearly identify Safari as a new product and have users opt in prior to installation.