
Understanding and Capturing People’s Privacy Policies in a People Finder Application

Madhu Prabaker, Jinghai Rao, Ian Fette, Patrick Kelley, Lorrie Cranor, Jason Hong, Norman Sadeh. Carnegie Mellon University.

Presentation Transcript


  1. Understanding and Capturing People’s Privacy Policies in a People Finder Application • Madhu Prabaker, Jinghai Rao, Ian Fette, Patrick Kelley, Lorrie Cranor, Jason Hong, Norman Sadeh • Carnegie Mellon University

  2. Overview • Case study of People Finder application • What it is • How it works • Lab studies and field trials • Lessons Learned / Opinions and Conjectures

  3. User-Controllable Privacy and Security: Project Overview • Overall Goal: Better UIs for managing privacy and security for pervasive computing • Simple ways of specifying policies • Clear notifications and explanations of what happened • Better visualizations to summarize results • Machine learning for learning preferences • Start with small evaluations, continue with large-scale ones • Large multi-disciplinary team and project • Six faculty, 2 postdocs, five students • Roughly 2 years into project

  4. User-Controllable Privacy and Security: Project Overview • Applications • People Finder • Contextual Instant Messaging (later at Ubicomp) • Grey: Access Control to resources • Some Challenges • Not being burdensome or annoying • Right balance of expressiveness and simplicity • Providing enough value so people will use our apps! • Security & privacy our main concern, but not users’

  5. People Finder • Lets you find other people’s location, subject to any specified rules • Okayness checking • Rendezvous • Requestors have a list of buddies whose location they can request via web, system tray, or mobile phone

  6. Web Interface

  7. System Tray and Mobile Phone

  8. Plausible Deniability Built in

  9. Found a Person

  10. Found Another Person

  11. Some Architectural Details • Laptop version uses Skyhook for positioning • Skyhook based on Intel Place Lab, uses WiFi localization • We also use a database provided by CMU to determine name of location • Each WiFi access point has an associated place name • “Newell-Simon Hall 2504” • Mobile phone version uses Intel POLS for positioning • POLS uses GSM towers for localization • Doesn’t work well in Pittsburgh, not enough GSM towers

  12. Users can Specify Rules • Also generates human-readable description of rule

  13. More Rules

  14. Can Also Specify Places in Rules

  15. User Feedback: Balloon Pop-Up • Basic feedback (currently only for laptops)

  16. User Feedback: Request History

  17. User Feedback: Request History

  18. History Also Used for Audits and ML

  19. History Also Used for Audits and ML

  20. System Architecture

  21. System Architecture • Centralized architecture • Location stored in a server rather than on end-user devices • Doesn’t this go against design goals of Place Lab, POLS, and your dissertation, Jason? • Some Musings on Privacy • No users even asked about this issue • Would likely only be small subset of tech-savvy users • Easier upgrades (think service vs app) • Made it very easy to add laptop functionality • Makes “Last seen” feature possible • Better performance for some features (ex. querying groups)

  22. Lab Studies • Goal: how well does Machine Learning work for learning prefs? • Setup • 19 participants • Asked to create initial rule set • Go through 30 scenarios where someone requested location • What their rule would do • Whether they agreed with rule • Option to change their rules

  23. Lab Studies • Users not very accurate • ~5 min to create rules, 8 min if include refining rules • #Rules ranged 1-10, ~5 rules • Weak correlation between time spent and accuracy • Case-based reasoning yielded pretty good results • Caveat: scenarios probed unusual situations, may not mirror actual practice

  24. Field Trials • Three different groups (not simultaneous) • 15 team members amongst ourselves, 6 wks • 7 MBA students, 2 wks • 6 people involved in organizing Spring Carnival, 9 days • Asked or paid people to audit, to see accuracy • Usage uneven • #Requests ranged from single digits to 100s • Looking at top 12 heavy users, accuracy of rules ~79% • People tended to relax rules over time • Initially were conservative, allowed more use later on

  25. Lessons Thus Far • Surprisingly few concerns about privacy • No user expressed strong privacy concerns • Feature requests were always non-privacy related • If low usage, due to not enough utility, not due to privacy • Does this mean our privacy is good enough, or is this because of users’ attitudes and behaviors? • Hard to tell

  26. Users’ Attitudes and Behaviors • Westin identified three clusters of people wrt attitudes toward commercial entities • Fundamentalists (~25%) • Unconcerned (~10%) • Pragmatists (~65%) • We need something like this for ubicomp • But for personal privacy rather than for commercial entities • With more fine-grained segmentation • Fundamentalists include techno-libertarians and luddites • Pragmatists include too busy, not enough value, etc • Better segmentation would help us understand if our privacy is good enough

  27. Users’ Attitudes and Behaviors • Need to tie better with adoption models

  28. Lessons Thus Far • Also need to consider cost-benefit issues • Lowering Costs • Making rule creation easier and faster • Facebook widget, avoid “yet another social network” problem • Linking with instant messaging • Phone with GPS built-in rather than separate device • Increasing Benefits • Speed of getting someone’s location • Getting multiple people’s locations • Finding location of people not on list • Quality of location (accuracy, place names)

  29. Lessons Thus Far • Critical mass a huge problem • Started with mobile phones, but high-end phones so we could only deploy a few at a time • Laptop version helped address this problem • Believe Facebook widget will overcome this problem • People did not use history and auditing features often • Primarily because we asked or paid them • IMBuddy: But seemed to feel better knowing it was there! • Other features to assuage concerns, even if not used?

  30. Our Next Steps • Facebook widget and larger study • Adding more features • More contextual info, interruptibility and window name • Simplified user interface • Simplifying the privacy model • Supporting common patterns (co-workers only when at work, family and close friends always, etc)

  31. End-User Privacy in HCI • 137 page article surveying privacy in HCI and CSCW • Forthcoming in the new Foundations and Trends journal, in a few weeks

  32. Acknowledgements • NSF Cyber Trust CNS-0627513 • NSF IIS CNS-0433540 • ARO DAAD19-02-0389 • France Telecom • Nokia • IBM • Skyhook
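
The rule model from slides 12 to 14 and 30 (who may ask, when, and where the owner is) and the audit-based accuracy measure from slides 18, 19 and 24, sketched as an added example that is not the People Finder code. The `Rule` fields, the default-deny evaluation and the sample request history are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

DAY_NAMES = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape: requester group + time window + place
    group: str
    days: frozenset = frozenset(range(7))   # 0 = Monday
    start: time = time.min
    end: time = time.max
    place: Optional[str] = None             # disclose only while owner is here

    def allows(self, requester_group, when, owner_place):
        return (requester_group == self.group
                and when.weekday() in self.days
                and self.start <= when.time() <= self.end
                and (self.place is None or owner_place.startswith(self.place)))

    def describe(self):
        """Human-readable description of the rule (slide 12)."""
        days = ("every day" if len(self.days) == 7
                else ", ".join(DAY_NAMES[d] for d in sorted(self.days)))
        where = f" while I am at {self.place}" if self.place else ""
        return (f"{self.group} can see my location {days} "
                f"between {self.start:%H:%M} and {self.end:%H:%M}{where}.")

def decide(rules, requester_group, when, owner_place):
    """Default deny: disclose only if at least one rule matches."""
    return any(r.allows(requester_group, when, owner_place) for r in rules)

def audit_accuracy(rules, history):
    """Share of audited requests where the rules did what the owner wanted."""
    hits = sum(decide(rules, g, w, p) == wanted for g, w, p, wanted in history)
    return hits / len(history)

# Constructed sample data: the two common patterns named on slide 30.
RULES = [
    Rule("co-workers", frozenset(range(5)), time(9), time(17), "Newell-Simon Hall"),
    Rule("family"),
]
# (requester group, request time, owner's place, owner wanted disclosure?)
HISTORY = [
    ("co-workers", datetime(2008, 4, 14, 10, 30), "Newell-Simon Hall 2504", True),
    ("co-workers", datetime(2008, 4, 14, 20, 0), "Newell-Simon Hall 2504", False),
    ("co-workers", datetime(2008, 4, 19, 11, 0), "Home", False),
    ("family", datetime(2008, 4, 19, 23, 30), "Home", True),
    ("co-workers", datetime(2008, 4, 15, 12, 0), "University Center", True),
]
```

The last audited request is the kind of mismatch the field trials measured: the owner wanted a co-worker to see the location, but the place condition was too strict, so the rule set scores 4 of 5 on this history.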
