Here’s a key question: How do you maintain trust, give users agency over their work, and respect privacy, all while managing power dynamics on a community-based social platform?
GitHub Trust & Safety software engineer Lexi Galantino discussed how she and her team built policies to address this question at Transcend’s first privacy_infra event for engineers in July.
GitHub is organized by repositories, which can be owned by individual users or organizations. The site has platform-level terms of service and community norms, but each repository is primarily governed by “maintainers” in its community.
“This means that as the trust and safety team, we have to empower the maintainer to know what’s up in their community,” said Galantino.
Maintainers have power over the users who contribute to the community, but “we want to set up a system that leaves norms…to protect everybody,” she said. The repercussions of a fallout on GitHub are especially concerning because GitHub is used for work so “when things go poorly, it can affect folks’ livelihoods,” Galantino added.
She believes that when designing a community-based social platform that respects privacy principles, it is imperative to consider power dynamics.
“What happens when the admin is the bad actor? What controls do you have in place for the user to take back agency over their own stuff from the admin? And to go along with that, how can we give as much agency to each user over their own work, their own public image, and their own private information as possible?”
To address this concern, GitHub created guiding principles for work product, privacy, and moderation. According to Galantino, GitHub is centered on contributor agency. Users have “agency over their work because they still have attribution, as long as they don’t edit the git history…agency over the public image because you can always delete your own stuff….And then you have agency over your private information by making an opt in, by making it consensual.”
Watch the video below to learn more about GitHub’s approach to respecting power dynamics while maintaining trust and safety.
Note: This post reflects information and opinions shared by speakers at Transcend’s ongoing privacy_infra() events, which feature industry-wide tech talks highlighting new thinking in data privacy engineering every other month. Watch the full July event, register for the next event, or learn more about privacy_infra().
If you’re working on solving universal privacy challenges and interested in speaking about it, submit a proposal to speak at an upcoming event.