It's a beautiful Saturday morning in Beijing's early Fall.  I'm brushing my teeth and hear a knock on the door followed by a curt common in Mandarin.  Assuming one of my roommates will answer the door, I do nothing.  A few seconds later the door opens and a man's voice yells something in Mandarin that sounds like "Anybody home?"  I look into the hallway to see who it is.  I don't recognize him.  He looks out of place, as if he doesn't know anybody in our house.  The man looks at me with a bit of surprise and curiosity, then casually leaves our house... He's not a burglar and his actions are not culturally inappropriate.

A few months ago we were interviewing a migrant workers and asked her how she communicates with her children in her hometown.  One way is by snail mail.  Remote villages cluster around small towns that have markets and phones.  The towns also have a post office where a bag of mail is emptied onto a table and local residents are expected to collect mail addressed to them.  Apparently, it's common practice for residents to open other people's mail to satisfy their curiosity.  Again, there's nothing really culturally inappropriate with that.  Perhaps it's even necessary for people to have the ability to look through other people's mail.  It's not too difficult to imagine scenarios where this is the case.

I've been thinking about how to design socially appropriate and meaningful interfaces, profiles, and privacy into products for emerging markets here in China.  This is especially important given that many potential products designed for this population rely on shared access.  Can I inspect the mail of other users of this computer?  Should I be able to see other user's desktops as they are using their system?  Should we design systems assuming that data will be read by third parties?

For one of our projects, a videomail kiosk for migrant workers, we designed systems so that third parties might be able to access messages (by feigning login) but they were unable to delete messages.  The messages have a TTL of seven days.  Though it seems completely undesired to have other users potentially able to read your mail, it may be a small price to pay for the target user: they don't have to remember usernames or passwords.  We do have a login mechanism, but it consists of common knowledge like the user's name and their hometown.