Since 2015, an increased number of asylum seekers is coming to Europe. These migration movements increasingly rely on digital infrastructure, such as mobile internet access and online services, in order to reach their targeted destination countries. Asylum seekers often use smartphones for information and communication purposes. Even though there are many positive aspects in the use of such technologies, researchers have to consider the perceived risks of this specific user group. This work aims at investigating the use of mobile information technologies by asylum seekers during their flight, especially taking privacy into account. Thus, it examines asylum seekers’ digital privacy perceptions and identifies privacy protection behaviors by conducting a qualitative interview study with 14 asylum seekers who applied for asylum in Germany. The results show that asylum seekers are often aware of the various risks deriving from the use of smartphones and ICT, such as surveillance and persecution by state or non-state actors as well as extortion by criminals. Based on this, this work further more outlines different strategies used to manage these risks. Since the lack of privacy and trust leads to avoidance behavior, the insights of this study provide valuable information for the design of assistance apps and collaboration platforms, which appropriately address the specific needs for digital privacy in the context of flight, or for the conception of privacy-enhancing technologies helping to achieve this.
https://doi.org/10.1145/3479526
The opportunity for online engagement increases possible exposure to potentially risky behaviors for teens, which may have significant negative consequences. Effective family communication about online safety can help reduce the risky adolescent behavior and limit the consequences after it occurs. Our paper contributes a theory of communication factors that positively influence teen and parent perception of communication about online safety and provides design implications based on those findings. While previous work identified gaps in family communication regarding online safety, our study quantitatively identified the factors that significantly contribute to parents’ and teens’ differing perceptions. We analyzed data from a survey of 215 teen-parent pairs through a cross-sectional design and examined the factors that contribute to increased family communication about online safety. For parents, active mediation, technical monitoring, and a perceived positive affect of the teen were associated with higher levels of family communication. Our results were similar for teens, except that the teen’s online safety concern and parental monitoring were also positively associated with increased family communication, while restrictive mediation was associated with lower levels of family communication. Many existing designs for online safety support a restrictive approach, despite teens not wanting technical restrictions. A key implication of our findings is that teens view active mediation and monitoring positively in respect to family communication. Contrary to mainstream narratives, this finding suggests that teens value parental involvement and do not desire complete independence online. By examining specific mechanisms which can hinder or improve family communication between parents and teens regarding online safety, we recommend solutions that give teens an active role in their online safety and facilitate effective family communication through cooperation between both parties, rather than technologies that promote parental restriction.
https://doi.org/10.1145/3479517
Managing digital privacy and security is often a collaborative process, where groups of individuals work together to share information and give one another advice. Yet, this collaborative process is not always reciprocal or equally shared. In many cases, individuals with more expertise help others without receiving help in return. Therefore, we studied the phenomenon of “Tech Caregiving" by surveying 20 groups (112 individuals) comprised of friends, family members, and/or co-workers who identified at least one member of their group as a someone who provides informal technical support to the people they know. We found that tech caregivers reported significantly higher levels of power use and self-efficacy for digital privacy and security, compared to tech caregivees. However, caregivers and caregivees did not differ based on their self-reported community collective efficacy for collaboratively managing privacy and security together as a group. This finding demonstrates the importance of tech caregiving and community belonging in building community collective efficacy for digital privacy and security. We also found that caregivers and caregivees most often communicated via text message or phone when coordinating support, which was most frequently needed when troubleshooting or setting up new devices. Meanwhile, discussions specific to privacy and security represented only a small fraction of the issues for which participants gave or received tech care. Thus, we conclude that educating tech caregivers on how to provide privacy and security-focused support, as well as designing technologies that facilitate such support, has the potential to create positive networks effects towards the collective management of digital privacy and security.
https://doi.org/10.1145/3479540
Individuals share increasing amounts of personal multimedia data, exposing themselves (uploaders) as well as others (data subjects). Non-consensual sharing of multimedia data that depicts others raises so-called multiparty privacy conflicts (MPCs), which can have severe consequences. To limit the incidence of MPCs, a family of Precautionary mechanisms have recently been developed that force uploaders to collaborate with the other data subjects to prevent MPCs. However, there is still very little work on understanding how users perceive the Precautionary mechanisms together with which ones they prefer and why. In addition, Precautionary mechanisms have some limitations, e.g., they require linking content to the co-owners’ identity. Therefore, we also explore alternatives to Precautionary mechanisms and propose a new class of solutions—Dissuasive mechanisms—that aim at deterring the uploaders from sharing without consent. We then present a user-centric comparison of Precautionary and Dissuasive mechanisms, through a large-scale survey (𝑁 = 1792). Our results showed that respondents prefer Precautionary to Dissuasive mechanisms. These enforce collaboration, provide more control to the data subjects, but also they reduce uploaders’ uncertainty around what is considered appropriate for sharing. We learned that threatening legal consequences is the most desirable Dissuasive mechanism, and that respondents prefer the mechanisms that threaten users with immediate consequences (compared with delayed consequences). Dissuasive mechanisms are in fact well received by frequent sharers and older users, while Precautionary mechanisms are preferred by women and younger users. We discuss the implications for design, including considerations about side leakages, consent collection, and censorship.
https://doi.org/10.1145/3449127
The ever increasing amount of data on people's smartphones often contains private information of others that people interact with via the device. As a result, one user's decisions regarding app permissions can expose the information of other users. However, research typically focuses on consequences of privacy-related decisions only for those who make the decisions. Work on the impact of these decisions on the privacy of others is still relatively scant. We fill this gap with an online study that extends prior work on interdependent privacy in social networking sites to the context of smartphone permissions. Our findings indicate that people typically give less consideration to the implications of their actions for the privacy of others, compared to the impact on themselves. However, we found that priming people with information that features others can help reduce this discrepancy. We apply this insight to offer suggestions for enhancing permission-specification interfaces and system architectures to accommodate interdependent privacy.
https://doi.org/10.1145/3479581
Malicious communications aimed at tricking employees are a serious threat for organisations, necessitating the creation of procedures and policies for how to quickly respond to ongoing attacks. While automated measures provide some protection, they cannot completely protect an organisation. In this case study, we use interviews and observations to explore the processes staff at a large University use when handling reports of malicious communication, including how the help desk processes reports, who they escalate them to, and how teams who manage protections like the firewalls and mail relays use reports to improve defences. We found that the process and work patterns are a distributed cognitive process requiring multiple distinct teams with narrow system access, and tactic knowledge. Sudden large campaigns were found to overwhelm the help desk with reports, greatly impacting staff's workflow and hindering effective application of mitigation's and the potential for learning. We detail potential improvements to the current ticketing system, and reflect on ITIL, the framework of best practices that informed the full process.
https://doi.org/10.1145/3476079
Data protection regulatory policies, such as the European Union's General Data Protection Regulation (GDPR), force website operators to request users' consent before collecting any personal information revealed through their web browsing. Website operators, motivated by the potential value of the collected personal data, employ various methods when designing consent notices (e.g., dark patterns) in order to convince users to allow the collection of as much of their personal data as possible. In this paper, we design and conduct a user study where 1100 MTurk workers interact with eight different designs of cookie consent notices. We show that the nudging designs used in the different cookie consent notices have a large effect on the choices user make. Our results show that colour-based nudging bars can have a significant impact on the participants' decisions to change the default cookie settings, despite using dark patterns. Also, in contrast to previous works, we report that users who do not use ad-blocking software are less likely to modify default cookie settings. Our findings demonstrate the importance of nudged interfaces and the effects that orthogonal nudging techniques can have on users' choices.
https://doi.org/10.1145/3476087
Manipulation defines many of our experiences as a consumer, including subtle nudges and overt advertising campaigns that seek to gain our attention and money. With the advent of digital services that can continuously optimize online experiences to favor stakeholder requirements, increasingly designers and developers make use of "dark patterns"—forms of manipulation that prey on human psychology—to encourage certain behaviors and discourage others in ways that present unequal value to the end user. In this paper, we provide an account of end user perceptions of manipulation that builds on and extends notions of dark patterns. We report on the results of a survey of users conducted in English and Mandarin Chinese (n=169), including follow-up interviews from nine survey respondents. We used a card sorting method to support thematic analysis of responses from each cultural context, identifying both qualitatively-supported insights to describe end users' felt experiences of manipulative products and a continuum of manipulation. We further support this analysis through a descriptive analysis of survey results and the presentation of examples from the interviews. We conclude with implications for future research, considerations for public policy, and guidance on how to further empower and give users autonomy in their experiences with digital services.
https://doi.org/10.1145/3479516