Smart homes continue to raise concerns about privacy and encroachment of businesses into intimate spaces. Prior research has focused on families and device owners in western contexts (Europe and North America), and has identified the importance of bystanders: individuals who are subjected to smart device use of others. Given the cultural and contextual aspects of accommodating bystanders, we identify a gap where bystanders in non-western societies have been insufficiently researched. To address this we conduct 20 interviews with domestic workers and household employers in Jordan, exploring privacy attitudes and practices. Our analysis uncovers a complex interplay between religious and social norms; legal and regulatory perspectives on privacy; and tensions between households and their domestic workers. We explore issues arising from smart homes coexisting as a residence and workplace, and highlight how workplace protections are ill-suited. We structure our findings to help inform public awareness, policy makers, manufacturers, and future research.
https://dl.acm.org/doi/abs/10.1145/3491102.3502097
The Amazon Alexa voice assistant provides convenience through automation and control of smart home appliances using voice commands. Amazon allows third-party applications known as skills to run on top of Alexa to further extend Alexa's capability. However, as multiple skills can share the same invocation phrase and request access to sensitive user data, growing security and privacy concerns surround third-party skills. In this paper, we study the availability and effectiveness of existing security indicators or a lack thereof to help users properly comprehend the risk of interacting with different types of skills. We conduct an interactive user study (inviting active users of Amazon Alexa) where participants listen to and interact with real-world skills using the official Alexa app. We find that most participants fail to identify the skill developer correctly (i.e., they assume Amazon also develops the third-party skills) and cannot correctly determine which skills will be automatically activated through the voice interface. We also propose and evaluate a few voice-based skill type indicators, showcasing how users would benefit from such voice-based indicators.
https://dl.acm.org/doi/abs/10.1145/3491102.3517510
Fitness tracking applications allow athletes to record and share their exercises online, including GPS routes of their activities. However, sharing mobility data potentially raises real-world privacy and safety risks. One strategy to mitigate that risk is a “Privacy Zone,” which conceals portions of the exercise routes that fall within a certain radius of a user-designated sensitive location. A pressing concern is whether privacy zones are an effective deterrent against common attackers, such as a bike thief that carefully scrutinizes online exercise activities in search of their next target. Further, little is known about user perceptions of privacy zones or how they fit into the broader landscape of available privacy precautions. This work presents an online user study (N=603) that investigates the privacy concerns of fitness tracking users and evaluates the efficacy of privacy zones. Participants were first asked about their privacy behaviors with respect to fitness tracking applications. Next, participants completed an interactive task in which they attempted to deduce hidden locations protected by a privacy zone; we manipulated the number of displayed exercise activities that interacted with the privacy zone, as well as its size. Finally, participants were asked further questions about their impressions of privacy zones and use of other privacy precautions. We found that participants successfully inferred protected locations; for the most common privacy zone size, 68% of guesses fell within 50 meters of the hidden location when participants were shown just 3 activities. Further, we found that participants who viewed 3 activities were more confident about their success in the task compared to participants who viewed 1 activity. Combined, these results indicate that users’ privacy-sensitive locations are at risk even when using a privacy zone. We conclude by considering the implications of our findings on related privacy features and discuss recommendations to fitness tracking users and services to improve the privacy and safety of fitness trackers.
https://dl.acm.org/doi/abs/10.1145/3491102.3502136
In this paper, we studied people’s smart home privacy-protective behaviors (SH-PPBs), to gain a better understanding of their privacy management do’s and don’ts in this context. We first surveyed 159 participants and elicited 33 unique SH-PPB practices, revealing that users heavily rely on ad hoc approaches at the physical layer (e.g., physical blocking, manual powering off). We also characterized the types of privacy concerns users wanted to address through SH-PPBs, the reasons preventing users from doing SH-PPBs, and privacy features they wished they had to support SH-PPBs. We then storyboarded 11 privacy protection concepts to explore opportunities to better support users’ needs, and asked another 227 participants to criticize and rank these design concepts. Among the 11 concepts, Privacy Diagnostics, which is similar to security diagnostics in anti-virus software, was far preferred over the rest. We also witnessed rich evidence of four important factors in designing SH-PPB tools, as users prefer (1) simple, (2) proactive, (3) preventative solutions that can (4) offer more control.
https://dl.acm.org/doi/abs/10.1145/3491102.3517602