This paper addresses calls for more research on privacy in the gig economy across a range of work platforms. To understand privacy risks, behaviors, and consequences from the perspective of workers, we analyzed workers' posts about privacy and surveillance from 12 Reddit forums representing four main types of work (crowdwork, freelancing, ridesharing, and delivery). We found that workers perceive both platform companies and customers as sources of unnecessary and opaque data collection and surveillance that can threaten their privacy, safety, and economic outcomes. Workers also engage in many risk mitigation strategies, including self-protective surveillance behaviors such as video recording themselves and customers, as a costly but necessary response to power imbalances created by surveillance. Based on our multi-platform analysis, we present a guiding set of questions that workers, designers, and researchers can use to assess the privacy implications of current and future gig work platforms.
https://dl.acm.org/doi/abs/10.1145/3491102.3502083
A person's online security setup is tied to the security of their individual accounts. Some accounts are particularly critical as they provide access to other online services. For example, an email account can be used for external account recovery or to assist with single-sign-on. The connections between accounts are specific to each user's setup and create unique security problems that are difficult to remedy by following generic security advice. In this paper, we develop a method to gather and analyze users' online accounts systematically. We demonstrate this in a user study with 20 participants and obtain detailed insights on how users' personal setup choices and behaviors affect their overall account security. We discuss concrete usability and privacy concerns that prevented our participants from improving their account security. Based on our findings, we provide recommendations for service providers and security experts to increase the adoption of security best practices.
https://dl.acm.org/doi/abs/10.1145/3491102.3502125
Many websites have added cookie consent interfaces to meet regulatory consent requirements. While prior work has demonstrated that they often use dark patterns (design techniques that lead users to less privacy-protective options), other usability aspects of these interfaces have been less explored. This study contributes a comprehensive, two-stage usability assessment of cookie consent interfaces. We first inspected 191 consent interfaces against five dark pattern heuristics and identified design choices that may impact usability. We then conducted a 1,109-participant online between-subjects experiment exploring the usability impact of seven design parameters. Participants were exposed to one of 12 consent interface variants during a shopping task on a prototype e-commerce website and answered a survey about their experience. Our findings suggest that a fully-blocking consent interface with in-line cookie options accompanied by a persistent button enabling users to later change their consent decision best meets several design objectives.
https://dl.acm.org/doi/abs/10.1145/3491102.3501985
COVID-19 exposure-notification apps have struggled to gain adoption. Existing literature posits as potential causes of this low adoption: privacy concerns, insufficient data transparency, and the type of appeal – collective- vs. individual-good – used to frame the app. As policy guidance suggests using tailored advertising to evaluate the effects of these factors, we present the first field study of COVID-19 contact tracing apps with a randomized controlled trial of 14 different advertisements for CovidDefense, Louisiana’s COVID-19 exposure-notification app. We find that all three hypothesized factors – privacy, data transparency, and appeals framing – relate to app adoption, even when controlling for age, gender, and community density. Our results offer (1) the first field evidence supporting the use of collective-good appeals, (2) nuanced findings regarding the efficacy of data and privacy transparency, the effects of which are moderated by appeal framing and potential users’ demographics, and (3) field-evidence-based guidance for future efforts to encourage pro-social health technology adoption.
https://dl.acm.org/doi/abs/10.1145/3491102.3501869
User adoption of security and privacy (S&P) best practices remains low, despite sustained efforts by researchers and practitioners. Social influence is a proven method for guiding user S&P behavior, though most work has focused on studying peer influence, which is only possible with a known social graph. In a study of 104 Facebook users, we instead demonstrate that crowdsourced S&P suggestions are significantly influential. We also tested how reflective writing affected participants' S&P decisions, with and without suggestions. With reflective writing, participants were less likely to accept suggestions, both social and Facebook default suggestions. Of particular note, when reflective writing participants were shown the Facebook default suggestion, they not only rejected it but also (unknowingly) configured their settings in accordance with expert recommendations. Our work suggests that both non-personal social influence and reflective writing can positively influence users' S&P decisions, but have negative interactions.
https://dl.acm.org/doi/abs/10.1145/3491102.3502009