Privacy Perceptions and Misconceptions

会議の名前
CHI 2023
Understanding and Mitigating Technology-Facilitated Privacy Violations in the Physical World
要旨

We are constantly surrounded by technology that collects and processes sensitive data, paving the way for privacy violations. Yet, current research investigating technology-facilitated privacy violations in the physical world is scattered and focused on specific scenarios or investigates such violations purely from an expert's perspective. Informed through a large-scale online survey, we first construct a scenario taxonomy based on user-experienced privacy violations in the physical world through technology. We then validate our taxonomy and establish mitigation strategies using interviews and co-design sessions with privacy and security experts. In summary, this work contributes (1) a refined scenario taxonomy for technology-facilitated privacy violations in the physical world, (2) an understanding of how privacy violations manifest in the physical world, (3) a decision tree on how to inform users, and (4) a design space to create notices whenever adequate. With this, we contribute a conceptual framework to enable a privacy-preserving technology-connected world.

著者
Maximiliane Windl
LMU Munich, Munich, Germany
Verena Winterhalter
LMU Munich, Munich, Germany
Albrecht Schmidt
LMU Munich, Munich, Germany
Sven Mayer
LMU Munich, Munich, Germany
論文URL

https://doi.org/10.1145/3544548.3580909

動画
Investigating Deceptive Design in GDPR's Legitimate Interest
要旨

Legitimate interest is one of the six grounds for processing data under the European Union's General Data Protection Regulation (GDPR). The flexibility and ambiguity of the term "legitimate interests" can be problematic; coupled with the lack of enforcement from legal authorities and different interpretations from the various data protection authorities, legitimate interests can be taken advantage of as a loophole to collect more user data. Drawing insights from multiple disciplines, we ran two studies to empirically investigate the deceptive designs being used when legitimate interests are applied in privacy notices, and how user perceptions line up with these practices. We identified six deceptive designs, and found that the ways legitimate interest is applied in practice does not match user expectations.

著者
Lin Kyi
Max Planck Institute for Security and Privacy, Bochum, Germany
Sushil Ammanaghatta Shivakumar
Max Planck Institute for Security and Privacy, Bochum, Germany
Cristiana Teixeira Santos
Utrecht University, Utrecht , Netherlands
Franziska Roesner
University of Washington, Seattle, Washington, United States
Frederike Zufall
Max Planck Institute for Research on Collective Goods, Bonn, Germany
Asia J.. Biega
Max Planck Institute for Security and Privacy, Bochum, Germany
論文URL

https://doi.org/10.1145/3544548.3580637

動画
Less About Privacy: Revisiting a Survey about the German COVID-19 Contact Tracing App
要旨

The release of COVID-19 contact tracing apps was accompanied by a heated public debate with much focus on privacy concerns, e.g., possible government surveillance. Many papers studied people's intended behavior to research potential features and uptake of the apps. Studies in Germany conducted before the app's release, such as that by Häring et al., showed that privacy was an important factor in the intention to install the app. We conducted a follow-up study two months post-release to investigate the intention-behavior-gap, see how attitudes changed after the release, and capture reported behavior. Analyzing a quota sample (n=837) for Germany, we found that fewer participants mentioned privacy concerns post-release, whereas utility now plays a greater role. We provide further evidence that the results of intention-based studies should be handled with care when used for prediction purposes.

受賞
Honorable Mention
著者
Maximilian Häring
University of Bonn, Bonn, Germany
Eva Gerlitz
Fraunhofer FKIE, Bonn, Germany
Matthew Smith
University of Bonn, Bonn, Germany
Christian Tiefenau
University of Bonn, Bonn, Germany
論文URL

https://doi.org/10.1145/3544548.3581537

動画
What is Sensitive About (Sensitive) Data? Characterizing Sensitivity and Intimacy of Google Assistant Speech Records
要旨

Digital technologies have increasingly integrated into people's lives, continuously capturing their behavior through potentially sensitive data. In the context of voice assistants, there is a misalignment between experts, regulators, and users on whether and what data is `sensitive', partly due to how data is presented to users; as single interactions. We investigate users' perspectives on the sensitivity and intimacy of their Google Assistant speech records, introduced comprehensively as single interactions, patterns, and inferences. We collect speech records through data donation and explore them in collaboration with 17 users during interviews based on predefined data-sharing scenarios. Our results indicate a tipping point in perceived sensitivity and intimacy as participants delve deeper into their data and the information derived from it. We propose a conceptualization of sensitivity and intimacy that accounts for the fuzzy nature of data and must disentangle from it. We discuss the implications of our findings and provide recommendations.

著者
Alejandra Gomez Ortega
Delft University of Technology, Delft, Netherlands
Jacky Bourgeois
TU Delft, Delft, Netherlands
Gerd Kortuem
Delft University of Technology, Delft, Netherlands
論文URL

https://doi.org/10.1145/3544548.3581164

動画
A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries
要旨

Misconceptions about digital security and privacy topics in the general public frequently lead to insecure behavior. However, little is known about the prevalence and extent of such misconceptions in a global context. In this work, we present the results of the first large-scale survey of a global population on misconceptions: We conducted an online survey with n = 12,351 participants in 12 countries on four continents. By investigating influencing factors of misconceptions around eight common security and privacy topics (including E2EE, Wi-Fi, VPN, and malware), we find the country of residence to be the strongest estimate for holding misconceptions. We also identify differences between non-Western and Western countries, demonstrating the need for region-specific research on user security knowledge, perceptions, and behavior. While we did not observe many outright misconceptions, we did identify a lack of understanding and uncertainty about several fundamental privacy and security topics.

著者
Franziska Herbert
Ruhr University Bochum, Bochum, Germany
Steffen Becker
Ruhr University Bochum, Bochum, Germany
Leonie Schaewitz
Ruhr University Bochum, Bochum, Germany
Jonas Hielscher
Ruhr University Bochum, Bochum, Germany
Marvin Kowalewski
Ruhr University Bochum, Essen, Germany
Angela Sasse
Ruhr University Bochum, Bochum, Germany
Yasemin Acar
George Washington University, Washington DC, District of Columbia, United States
Markus Dürmuth
Leibniz University Hannover, Hannover, Germany
論文URL

https://doi.org/10.1145/3544548.3581410

動画
A Psychometric Scale to Measure Individuals' Value of Other People's Privacy (VOPP)
要旨

Researchers invested enormous efforts to understand and mitigate the concerns of users as technologies collect their private data. However, users often undermine \emph{other} people's privacy when, e.g., posting other people's photos online, granting mobile applications to access contacts, or using technologies that continuously sense the surrounding. Research to understand technology adoption and behaviors related to collecting and sharing data about non-users has been severely lacking. An essential step to progress in this direction is to identify and quantify factors that affect technology's use. Toward this goal, we propose and validate a psychometric scale to measure how much an individual values \emph{other} people's privacy. We theoretically grounded the appropriateness and relevance of the construct and empirically demonstrated the scale's internal consistency and validity. This scale will advance the field by enabling researchers to predict behaviors, design adaptive privacy-enhancing technologies, and develop interventions to raise awareness and mitigate privacy risks.

著者
Rakibul Hasan
Arizona State University, Tempe, Arizona, United States
Rebecca Weil
CISPA - Helmholtz Center for Information Security, Saarbrücken, Germany
Rudolf Siegel
CISPA - Helmholtz Center for Information Security, Saarbrücken, Germany
Katharina Krombholz
Saarland Informatics Campus, Saarbrücken, Germany
論文URL

https://doi.org/10.1145/3544548.3581496

動画