Presentation Transcript

Hey, That’s Personal!

Lorrie Faith Cranor, 28 July 2005

http://lorrie.cranor.org/

Outline
  • Privacy risks from personalization
  • Reducing privacy risks
  • Personalizing privacy

PRIVACY RISKS

Unsolicited marketing

Desire to avoid unwanted marketing causes some people to avoid giving out personal information


PRIVACY RISKS

My computer can “figure things out about me”

The little people inside my computer might know it’s me…

… and they might tell their friends


PRIVACY RISKS

Inaccurate inferences

“My TiVo thinks I’m gay!”


PRIVACY RISKS

Surprisingly accurate inferences

Everyone wants to be understood.

No one wants to be known.


PRIVACY RISKS

You thought that on the Internet nobody knew you were a dog…

…but then you started getting personalized ads for your favorite brand of dog food


PRIVACY RISKS

Price discrimination
  • Concerns about being charged higher prices
  • Concerns about being treated differently

PRIVACY RISKS

Revealing private information to other users of a computer
  • Revealing info to family members or co-workers
    • Gift recipient learns about gifts in advance
    • Co-workers learn about a medical condition
  • Revealing secrets that can unlock many accounts
    • Passwords, answers to secret questions, etc.

PRIVACY RISKS

The Cranor family’s 25 most frequent grocery purchases (sorted by nutritional value)!


PRIVACY RISKS

Exposing secrets to criminals
  • Stalkers, identity thieves, etc.
  • People who break into account may be able to access profile info
  • People may be able to probe recommender systems to learn profile information associated with other users

PRIVACY RISKS

Subpoenas
  • Records are often subpoenaed in patent disputes, child custody cases, civil litigation, criminal cases

PRIVACY RISKS

Government surveillance
  • Governments increasingly looking for personal records to mine in the name of fighting terrorism
  • People may be subject to investigation even if they have done nothing wrong

PRIVACY RISKS

Risks may be magnified in future
  • Wireless location tracking
  • Semantic web applications
  • Ubiquitous computing

PRIVACY RISKS

If you’re not careful, you may violate data protection laws
  • Some jurisdictions have privacy laws that
    • Restrict how data is collected and used
    • Require that you give notice, get consent, or offer privacy-protective options
    • Impose penalties if personal information is accidentally exposed

REDUCING PRIVACY RISKS

Axes of personalization

Tends to be MORE privacy invasive vs. tends to be LESS privacy invasive:
  • Data collection method: implicit (more) vs. explicit (less)
  • Duration: persistent (profile) (more) vs. transient (task or session) (less)
  • User involvement: system initiated (more) vs. user initiated (less)
  • Reliance on predictions: prediction based (more) vs. content based (less)


REDUCING PRIVACY RISKS

A variety of approaches to reducing privacy risks
  • No single approach will always work
  • Two types of approaches:
    • Reduce data collection and storage
    • Put users in control

REDUCING PRIVACY RISKS

Collection limitation: Pseudonymous profiles
  • Useful for reducing risk and complying with privacy laws when ID is not needed for personalization
  • But, profile may become identifiable because of unique combinations of info, links with log data, unauthorized access to user’s computer, etc.
  • Profile info should always be stored separately from web usage logs and transaction records that might contain IP addresses or PII
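The storage split this slide calls for, as an added example that is not part of the presentation: profiles are keyed by a keyed-hash pseudonym rather than the account id, the profile store refuses fields that would carry PII, and the usage log (which does hold IP addresses) lives in a separate structure. The key location, the field names and the `SplitStore` class are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the pseudonym key is held in a separate, access-controlled store;
# a fresh random key is generated here only so the example runs stand-alone.
PSEUDONYM_KEY = secrets.token_bytes(32)


def pseudonym_for(user_id: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Derive a stable pseudonym with HMAC-SHA256.

    Without the key the pseudonym cannot be turned back into the account id,
    which is what lets the profile store hold data that is not directly
    identifiable. (Linkage via unique attribute combinations is a separate
    risk that keyed hashing does not remove.)
    """
    return hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


class SplitStore:
    """Profile data and web usage logs kept apart.

    - profiles: pseudonym -> set of interest tags, never IP or PII
    - usage_log: raw request records, which may contain IP and account id
    """

    # Hypothetical list of field names the profile store must never accept.
    PII_FIELDS = frozenset({"ip", "email", "name", "user_id", "address"})

    def __init__(self, key: bytes = PSEUDONYM_KEY) -> None:
        self._key = key
        self.profiles: dict[str, set[str]] = {}
        self.usage_log: list[dict[str, str]] = []

    def record_request(self, user_id: str, ip: str, path: str) -> None:
        """Transaction/usage logging goes to its own store, not the profile."""
        self.usage_log.append({"user_id": user_id, "ip": ip, "path": path})

    def update_profile(self, user_id: str, **attrs: str) -> str:
        """Add profile attributes under the pseudonym; reject PII field names."""
        leaked = self.PII_FIELDS.intersection(attrs)
        if leaked:
            raise ValueError(f"PII fields not allowed in profile store: {sorted(leaked)}")
        pid = pseudonym_for(user_id, self._key)
        bucket = self.profiles.setdefault(pid, set())
        for field_name, value in attrs.items():
            bucket.add(f"{field_name}={value}")
        return pid

    def profile_store_is_clean(self) -> bool:
        """Check that no account id or logged IP appears as a profile key or value."""
        ids = {rec["user_id"] for rec in self.usage_log}
        ips = {rec["ip"] for rec in self.usage_log}
        for pid, tags in self.profiles.items():
            if pid in ids:
                return False
            if any(tag.split("=", 1)[-1] in ids | ips for tag in tags):
                return False
        return True


if __name__ == "__main__":
    # Constructed sample data.
    store = SplitStore()
    store.record_request("alice", "203.0.113.5", "/books/python")
    store.update_profile("alice", interest="python")
    print(store.profiles, store.profile_store_is_clean())
```

The check in `profile_store_is_clean` is deliberately simple; in practice the separation is enforced by putting the two stores behind different services and credentials, with the pseudonym key available only to the component that writes profiles.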

REDUCING PRIVACY RISKS

Collection limitation: Client-side profiles
  • Useful for reducing risk and complying with laws
  • Risk of exposure to other users of computer remains; storing encrypted profiles can help
  • Client-side profiles may be stored in cookies replayed to server that discards them after use
  • Client-side scripting may allow personalization without ever sending personal info to the server
  • For some applications, no reason to send data to server

REDUCING PRIVACY RISKS

Collection limitation: Task-based personalization
  • Focus on data associated with current session or task - no user profile need be stored anywhere
  • May allow for simpler (and less expensive) system architecture too!
  • May eliminate problem of system making recommendations that are not relevant to current task
  • Less “spooky” to users - relationship between current task and resultant personalization usually obvious

REDUCING PRIVACY RISKS

Putting users in control
  • Users should be able to control
    • what information is stored in their profile
    • how it may be used and disclosed

REDUCING PRIVACY RISKS

Developing good user interface to do this is complicated
  • Setting preferences can be tedious
  • Creating overall rules that can be applied on the fly as new profile data is collected requires deep understanding and ability to anticipate privacy concerns

REDUCING PRIVACY RISKS

Possible approaches
  • Provide reasonable default rules with the ability to add/change rules or specify preferences for handling of specific data
    • Up front
    • With each action
    • After-the-fact
  • Explicit privacy preference prompts during transaction process
  • Allow multiple personae

REDUCING PRIVACY RISKS

Provide way to set up default rules
  • Every time a user makes a new purchase that they want to rate or exclude they have to edit profile info
    • There should be a way to set up default rules
      • Exclude all purchases
      • Exclude all purchases shipped to my work address
      • Exclude all movie purchases
      • Exclude all purchases I had gift wrapped

REDUCING PRIVACY RISKS

Remove excluded purchases from profile
  • Users should be able to remove items from profile
  • If purchase records are needed for legal reasons, users should be able to request that they not be accessible online

REDUCING PRIVACY RISKS

Use personae
  • Amazon already allows users to store multiple credit cards and addresses
  • Why not allow users to create personae linked to each with option of keeping recommendations and history separate (would allow easy way to separate work/home/gift personae)?

REDUCING PRIVACY RISKS

Allow users to access all privacy-related options in one place
  • Currently privacy-related options are found with relevant features
  • Users have to be aware of features to find the options
  • Put them all in one place
  • But also leave them with relevant features

REDUCING PRIVACY RISKS

I didn’t buy it for myself

How about an “I didn’t buy it for myself” check-off box (perhaps automatically checked if gift wrapping is requested)

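The default exclusion rules, the "remove excluded purchases from profile" requirement and the "I didn't buy it for myself" check-off box from the preceding slides, worked through as an added example that is not part of the presentation. The `Purchase` fields, the rule names and the `online_visible` flag are assumptions: excluded purchases never reach the recommendation profile, but every record is retained (with a flag for whether it may be shown online) so purchase history needed for legal reasons is not lost.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple


@dataclass
class Purchase:
    item: str
    category: str
    ship_to: str              # "home" or "work" (constructed values)
    gift_wrapped: bool = False
    not_for_me: bool = False  # the "I didn't buy it for myself" check-off box


# Default rules a user can switch on; names are hypothetical.
RULES: Dict[str, Callable[[Purchase], bool]] = {
    "exclude_all": lambda p: True,
    "exclude_work_address": lambda p: p.ship_to == "work",
    "exclude_movies": lambda p: p.category == "movie",
    "exclude_gift_wrapped": lambda p: p.gift_wrapped,
    "exclude_not_for_me": lambda p: p.not_for_me,
}


def apply_gift_wrap_default(purchase: Purchase) -> Purchase:
    """Auto-check 'not for me' when gift wrapping was requested."""
    if purchase.gift_wrapped:
        purchase.not_for_me = True
    return purchase


def build_profile(
    purchases: Iterable[Purchase],
    active_rules: Iterable[str],
    manual_exclusions: Iterable[str] = (),
    hide_online: Iterable[str] = (),
) -> Tuple[List[str], List[dict]]:
    """Split purchases into the recommendation profile and the retained records.

    Returns (profile_items, records). A purchase enters the profile only if no
    active default rule and no manual exclusion matches it. Every purchase is
    kept in records; 'online_visible' is False for items the user asked to
    keep off their online history.
    """
    active = list(active_rules)
    unknown = [name for name in active if name not in RULES]
    if unknown:
        raise ValueError(f"unknown rules: {unknown}")
    manual = set(manual_exclusions)
    hidden = set(hide_online)

    profile: List[str] = []
    records: List[dict] = []
    for p in purchases:
        excluded_by = [name for name in active if RULES[name](p)]
        if p.item in manual:
            excluded_by.append("manual")
        in_profile = not excluded_by
        records.append({
            "item": p.item,
            "in_profile": in_profile,
            "excluded_by": excluded_by,
            "online_visible": p.item not in hidden,
        })
        if in_profile:
            profile.append(p.item)
    return profile, records


def sample_purchases() -> List[Purchase]:
    """Constructed sample order history."""
    return [apply_gift_wrap_default(p) for p in (
        Purchase("Casablanca DVD", "movie", "home"),
        Purchase("Stapler", "office", "work"),
        Purchase("Teddy bear", "toy", "home", gift_wrapped=True),
        Purchase("Python book", "book", "home"),
    )]


if __name__ == "__main__":
    prof, recs = build_profile(sample_purchases(),
                               ["exclude_work_address", "exclude_movies", "exclude_not_for_me"])
    print(prof)
    for r in recs:
        print(r)
```

Rules are evaluated on every new purchase as it is recorded, which is what removes the per-purchase editing chore the slide describes; a manual exclusion still works for the one-off case a rule did not anticipate.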

PERSONALIZING PRIVACY

Can we apply user modeling expertise to privacy?
  • Personalized systems cause privacy concerns
  • But can we use personalization to help address these concerns?

PERSONALIZING PRIVACY

What is privacy?

“the claim of individuals… to determine for themselves when, how, and to what extent information about them is communicated to others.”

- Alan Westin, 1967


PERSONALIZING PRIVACY

Privacy as process

“Each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication….”

- Alan Westin, 1967

PERSONALIZING PRIVACY

But individuals don’t always engage in adjustment process
  • Lack of knowledge about how info is used
  • Lack of knowledge about how to exercise control
  • Too difficult or inconvenient to exercise control
  • Data collectors should inform users
  • Data collectors should provide choices and controls

Sounds like a job for a user model!

PERSONALIZING PRIVACY

Example: Managing privacy at web sites
  • Website privacy policies
    • Many posted
    • Few read
  • What if your browser could read them for you?
    • Warn you not to shop at sites with bad policies
    • Automatically block cookies at those sites

PERSONALIZING PRIVACY

Platform for Privacy Preferences (P3P)
  • 2002 W3C Recommendation
  • XML format for Web privacy policies
  • Protocol enables clients to locate and fetch policies from servers

PERSONALIZING PRIVACY

Privacy Bird
  • P3P user agent originally developed by AT&T
  • Free download and privacy search service at http://privacybird.com/
  • Compares user preferences with P3P policies

PERSONALIZING PRIVACY

Link to opt-out page


PERSONALIZING PRIVACY

I would like to give the bird some feedback
  • “I read this policy and actually I think it’s ok”
  • “I took advantage of the opt-out on this site so there is no problem”
  • “This site is a banking site and I want to be extra cautious when doing online banking”

PERSONALIZING PRIVACY

Especially important if bird takes automatic actions
  • Not critical when bird is only informational
  • But if bird blocks cookies, the wrong decision will get annoying
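How a P3P user agent in the spirit of Privacy Bird compares a policy against user preferences, applies the per-site feedback from the previous slide, and only takes automatic action in the mode that warrants it, as an added example that is not Privacy Bird's code or part of the presentation. The policy fragment is constructed and simplified: it uses P3P 1.0 element and token names (STATEMENT, PURPOSE, RECIPIENT, RETENTION, the `required` attribute) but omits the namespace, ENTITY, ACCESS and data references a real policy carries. The preference sets, the override keys and the verdict/action names are assumptions.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed, simplified policy: one statement for order processing and one
# that allows contact/telemarketing and sharing with other recipients.
SAMPLE_POLICY = """
<POLICY name="shop">
  <STATEMENT>
    <PURPOSE><current/><admin/><tailoring/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><contact required="opt-in"/><telemarketing/></PURPOSE>
    <RECIPIENT><ours/><other-recipient/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
  </STATEMENT>
</POLICY>
""".strip()


@dataclass
class Preferences:
    """Tokens the user does not want to see in a policy (assumed defaults)."""
    purposes: Set[str] = field(default_factory=lambda: {"contact", "telemarketing"})
    recipients: Set[str] = field(default_factory=lambda: {"other-recipient", "unrelated", "public"})
    retention: Set[str] = field(default_factory=lambda: {"indefinitely"})

    def stricter(self) -> "Preferences":
        """Preference set used when the user asked to be extra cautious (e.g. banking)."""
        return Preferences(
            purposes=self.purposes | {"individual-analysis", "individual-decision", "other-purpose"},
            recipients=self.recipients | {"delivery", "same"},
            retention=self.retention | {"business-practices"},
        )


def policy_conflicts(policy_xml: str, prefs: Preferences) -> List[str]:
    """Return 'SECTION:token' for every statement token the preferences forbid.

    Tokens marked required="opt-in" only apply if the user opts in, so they are
    treated here as non-conflicting (an interpretation chosen for this example).
    """
    root = ET.fromstring(policy_xml)
    sections = (("PURPOSE", prefs.purposes), ("RECIPIENT", prefs.recipients),
                ("RETENTION", prefs.retention))
    conflicts: List[str] = []
    for stmt in root.iter("STATEMENT"):
        for section, forbidden in sections:
            el = stmt.find(section)
            if el is None:
                continue
            for token in el:
                if token.get("required") == "opt-in":
                    continue
                if token.tag in forbidden:
                    conflicts.append(f"{section}:{token.tag}")
    return conflicts


def bird_verdict(policy_xml: Optional[str], prefs: Preferences, site: str,
                 overrides: Dict[str, Dict[str, bool]]) -> Tuple[str, List[str]]:
    """Return ('match' | 'mismatch' | 'no-policy', conflicts) for a site.

    overrides[site] may carry the feedback from the slide: 'accepted' (I read
    it and it's ok), 'opted_out' (I used the opt-out), 'extra_cautious'.
    """
    if policy_xml is None:
        return "no-policy", []
    ov = overrides.get(site, {})
    effective = prefs.stricter() if ov.get("extra_cautious") else prefs
    conflicts = policy_conflicts(policy_xml, effective)
    if ov.get("accepted") or ov.get("opted_out"):
        return "match", conflicts
    return ("mismatch" if conflicts else "match"), conflicts


def decide_action(verdict: str, mode: str) -> str:
    """Informational mode only shows the bird; automatic mode also blocks cookies."""
    if mode == "automatic" and verdict == "mismatch":
        return "block-cookies"
    return {"match": "green-bird", "mismatch": "red-bird", "no-policy": "yellow-bird"}[verdict]


if __name__ == "__main__":
    prefs = Preferences()
    print(policy_conflicts(SAMPLE_POLICY, prefs))
    v, _ = bird_verdict(SAMPLE_POLICY, prefs, "shop.example", {})
    print(v, decide_action(v, "informational"), decide_action(v, "automatic"))
```

The override step is what keeps automatic mode tolerable: once the user records that they read the policy or took the opt-out, a cookie block that would otherwise fire on every visit is suppressed for that site only, while the "extra cautious" flag tightens the comparison instead of loosening it.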

PERSONALIZING PRIVACY

Other example applications for personalizing privacy
  • Buddy lists: when to reveal presence information and to whom
  • Friend finder services: when to reveal location information and what level of detail
  • Personalized ecommerce sites: when to start and stop recording my actions, which persona to use
Conclusions
  • Personalization often has real privacy risks
  • Address these risks by minimizing data collection and storage, putting users in control
  • Challenge: Can we make it easier for users to be in control by personalizing privacy?