Presentation is loading. Please wait.

Presentation is loading. Please wait.

HCI and user research on location privacy Dr. David Geerts Research Manager Centre for User Experience Research (CUO) IBBT / K.U.Leuven.

Similar presentations


Presentation on theme: "HCI and user research on location privacy Dr. David Geerts Research Manager Centre for User Experience Research (CUO) IBBT / K.U.Leuven."— Presentation transcript:

1 HCI and user research on location privacy Dr. David Geerts Research Manager Centre for User Experience Research (CUO) IBBT / K.U.Leuven

2 Overview Introduction to Human-Computer Interaction (HCI) Usability vs privacy Designing usable privacy » Usable privacy policies Location based privacy

3 Introduction to Human- Computer Interaction

4 Human-Computer Interaction (HCI) Studies how people use / interact with computers (technology) and how computers can be designed to make this interaction as successful as possible.

5 Usability "The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use" (ISO )

6 Evolution of human-computer interaction Efficient workstations » Human as cognitive-psychological actor » Guidelines, formal methods, systematic testing Groupware / communication / social context » Humans as social actors » Participatory design, prototyping, contextual design Home environment / ubiquitous computing » Increased importance of culture, emotion and experience » Exploratory methods, cultural probes, … 70’s 80’s 90’s 00’s

7 Understand and specify the context of use Specify the user requirements Produce design solutions to meet user requirements Evaluate the designs against requirements Plan the human-centred design process Designed solution meets user requirements Iterate, where appropriate ISO/FDIS :2009

8 Usability vs Privacy “Most invasions of privacy are not intentional but due to designers’ inability to anticipate how this data could be used, by whom, and how this might affect users” (Adams & Sasse, 2001)

9 Privacy from HCI perspective Restricting access to personal information » “Leave me alone” Controlling use of personal information » “Let me decide” Privacy is “the ability of individuals to control the terms under which their personal information is acquired and used” (Culnan, 2000)

10 User goals and privacy Privacy is not the user’s main goal » Secondary to completing main task Controlling privacy settings » Makes systems more complex » Hinders ease-of-use Usable privacy settings » Provide transparent solutions » Put the user in control » Informs the user about what is going on

11 User types Technical users » Apt at using technology » Not a privacy expert Business and legal experts » Accustomed to compliance and policy rules » Not always technically inclined End-users » Very diverse backgrounds » Many with only limited technical knowledge » Limited knowledge about impact of privacy policies

12 Users have different types of concerns Unauthorized others accessing their personal data » Security breaches » Lack of internal control Risk of secondary use » Reuse of personal data for other uses (without consent) » Sharing with third parties » Aggregation into a profile Inability to correct errors General anxiety about personal data being collected

13 Users have different levels of concern Privacy fundamentalists » Uncompromising about their privacy » 37% of the US population Privacy unconcerned » Indifferent to privacy concerns » 11% of the US population Privacy pragmatists » Concerned about privacy, but willing to trade personal data for benefit » 52% of the US population Not absolute » Changes over time (25% privacy fundamentalists in 2000) » Cultural differences

14

15

16 Self-reports vs observed behaviour Reading privacy policies and taking concrete actions » Reported as an important user concern » Actual rates in log-files are much lower TRUSTe mark and privacy policies » Regarded by users as good trust indicators » Content is usually not considered, just presence » When present, users would divulge information, even if not warranted Increase awareness about privacy issues » Design usable privacy tools

17 Designing usable privacy

18 Five Pitfalls in the Design for Privacy (Lederer et al.) Understanding Privacy Implications » Obscuring potential information flow (1) » Obscuring actual information flow (2) Socially Meaningful Action » Emphasizing configuration over action (3) » Lacking coarse-grained control (4) » Inhibiting established practice (5)

19 Pitfall 1: Obscuring potential information flow Systems should clearly communicate the nature and extent of their potential for information disclosure » Types of information » Kinds of observers » Media through which it is conveyed » Length of retention » Potential for unintentional disclosure » Presence of third party observers » Collection of meta-information Making scope clear helps users understand capabilities and limits of the system

20 Example pitfall 1

21 Pitfall 2: Obscuring actual information flow Designs should make clear the actual disclosure of information through the system Disclosure should be obvious to the user as it occurs or within a reasonable delay Provide sufficient feedback to inform but not overwhelm the user

22 Example pitfall 2

23 Pitfall 3: Emphasizing configuration over action Design should not require excessive configuration to create and maintain privacy » People predict preferences incorrectly or forget preferences over time » This creates condition for invasion of privacy Because configuration has become a universal UI design pattern, many systems fall in to the configuration pitfall

24 Example pitfall 3

25 Pitfall 4: Lacking coarse-grained control Designs should offer an obvious top-level mechanism for halting and resuming information disclosure Users are accustomed to turning something off when they want it to stop Simple power / exit button will do Ordinal controls are another possibility » E.g. precision dial for revealing location

26 Example pitfall 4

27 Pitfall 5: Inhibiting established practice Privacy is managed through a range of established, nuanced practices By supporting roles, expectations, and practices already used in target context… Designs accommodate user’s natural efforts to transfer existing skills to new media

28 Example pitfall 5

29 Questions to ask about a privacy cue Do users notice it? Do they know what it means? Do they know what they are supposed to do when they see it? Will they actually do it? Will they keep doing it? The answers? » User studies

30 Usable privacy policies “It is an open question how users perceive and trust in different PETs” (Wikipedia, 2011)

31 Usable privacy policies (Kelley et al., 2010) Current privacy policies are not usable » Created for legal purposes rather than inform users » Users are not able to reliably understand companies’ privacy practices with any of the current formats Consequence? » Users do not read privacy policies ∙ Users think they don’t have a choice but accept it » Users cannot compare privacy policies of competitors Towards usable privacy policies » Kelley et al. (2010) used an iterative design process to create usability privacy policies » Survey with 764 users to test comprehensibility, comparability and likeability of alternative privacy policies

32 Traditional: full text

33 Layered text

34 Standardized short text format

35 Standardized table and short table

36 Conclusions Kelley et al. (2010) Usable formats » lead to more correct answers » made participants find information faster » were more enjoyed by participants

37 Location based privacy “Privacy concerns have not kept [people] from experimenting with and adopting this emerging technology” (Lindqvust et al., 2011)

38 What are location-based services (LBS)? “A location-based service (LBS) is an information or entertainment service, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device” (Wikipedia, 2011) Types of LBS » Location sharing (e.g. with friends) » Finding information » Getting recommendations » Receiving alerts » Mobile advertising » Playing games

39 Foursquare

40 Gowalla

41 Google Latitude

42 Facebook Places

43 Why do people use check-in apps? Personal tracking Intimate sharing at a distance Discovery of new people Running into friends Gaming aspect Seeing where friends have been Non-routine places At large events (Lindqvist et al., 2011)

44 Why do people use FourSquare? Badges and fun » Being proud of bades earned, playing a game with friends Social connection » Keeping in touch, coordinating with friends Place discovery » Getting discounts, recommendations of new places Keeping track of places Game with yourself » Playing a game alone, having sth to do when bored (Lindqvist et al., 2011)

45 Privacy concerns with LBS ivacy-please-u-s-smartphone-app-users- concerned-with-privacy-when-it-comes-to-location/ why_people_do_dont_use_location_ap ps_survey.php

46 Privacy concerns on FourSquare Majority of existing users have few privacy concerns » Contrast of self-reports vs actual behaviour How do people manage their privacy? » Checking in when leaving a location » Not checking in at certain places ∙ At home or work ∙ At embarrassing places (fast food, strip club, …) ∙ Other people’s homes » Not connecting or broadcasting to twitter or facebook (Lindqvist et al., 2011)

47 Which information do people disclose? Burghardt et al., 2009

48 User requirements for PETs in LBS People tend to disclose everything to everybody » Only very sensitive information is kept private People do not think that joining data might lead to privacy leaks » Automated PETs which warn the user about to disclose privacy- threatening combinations of information People frequently disclose important locations of their everyday life » But people care for the privacy of their friends more than for their own privacy Need for PETs that specify in a fine-grained way which particular information is publicly visible » Mechanisms requiring constant awareness fail in practice Burghardt et al., 2009

49 The impact of feedback Persons receiving feedback » Become more comfortable with sharing their location information » Had a lesser degree of concern for their privacy after use of the system than before (Tsai et al., 2009)

50 Sharing locations with advertisers Kelley et al., 2011

51 Sharing locations with advertisers Kelley et al., 2011

52 Sharing locations with advertisers Specifying time and location makes users more comfortable sharing their location » Weekdays from 9-17 » Second and third most visited locations Privacy settings should be more fine-grained » Opt-in/opt-out is too broad » Users are willing to share more information when defining two or more rules, based on time and location Kelley et al., 2011

53 Conclusion

54 Tension between usability and privacy » Diverse user groups » Privacy is not primary task Users are generally concerned about their privacy » But do not always act accordingly Usable privacy design is important » Provide information and feedback » Give users appropriate control (but not too much) » Align with real social practices

55 Questions?

56 References Cranor, L., & Garfinkel, S. (2005). Security and Usability: Designing Secure Systems that People Can Use. O'Reilly Media, Inc. Tsai, J. Y., Kelley, P., Drielsma, P., Cranor, L. F., Hong, J., & Sadeh, N. (2009). Who's viewed you?: the impact of feedback in a mobile location- sharing application. In Proceedings of the 27th international conference on Human factors in computing systems (pp ). Boston, MA, USA: ACM. Ahern, S., Eckles, D., Good, N. S., King, S., Naaman, M., & Nair, R. (2007). Over-exposed?: privacy patterns and considerations in online and mobile photo sharing. In Proceedings of the SIGCHI conference on Human factors in computing systems (pp ). San Jose, California, USA: ACM. Olson, J. S., Grudin, J., & Horvitz, E. (2005). A study of preferences for sharing and privacy. In CHI '05 extended abstracts on Human factors in computing systems (pp ). Portland, OR, USA: ACM. Karat, J., Karat, C.-M., Brodie, C. (2007). Human-Computer Interaction Viewed from the Intersection of Privacy, Security, and Trust. In Sears, A., & Jacko, J. A. (2007). The Human-Computer Interaction Handbook: Fundamentals, Evolving Technologies and Emerging Applications, Second Edition (2nd ed.). CRC.

57 References (2) Gross, R., Acquisti, A., & H. John Heinz, I. I. I. (2005). Information revelation and privacy in online social networks. In Proceedings of the 2005 ACM workshop on Privacy in the electronic society (pp ). Alexandria, VA, USA: ACM. Cranor, L., Hong, J. & Reiter, M. Teaching Usable Privacy and Security: A guide for instructors. Available online at guide/http://cups.cs.cmu.edu/course- guide/ Lipford, H. R., Watson, J., Whitney, M., Froiland, K., & Reeder, R. W. (2010). Visual vs. compact: a comparison of privacy policy interfaces. In Proceedings of the 28th international conference on Human factors in computing systems (pp ). Atlanta, Georgia, USA: ACM. Besmer, A., & Lipford, H. R. (2010). Moving beyond untagging: photo privacy in a tagged world. In Proceedings of the 28th international conference on Human factors in computing systems (pp ). Atlanta, Georgia, USA: ACM. Kelley, P. G., Cesca, L., Bresee, J., & Cranor, L. F. (2010). Standardizing privacy notices: an online study of the nutrition label approach. In Proceedings of the 28th international conference on Human factors in computing systems (pp ). Atlanta, Georgia, USA: ACM.

58 References (3) Kelley, P. G., Benisch, M., Cranor, L. F., & Sadeh, N. (2011). When are users comfortable sharing locations with advertisers? Proceedings of the 2011 annual conference on Human factors in computing systems, CHI ’11 (pp. 2449–2452). Vancouver, BC, Canada: ACM Burghardt, T., Buchmann, E., Müller, J., & Böhm, K. (2009). Understanding User Preferences and Awareness: Privacy Mechanisms in Location-Based Services. In R. Meersman, T. Dillon, & P. Herrero (Red.), On the Move to Meaningful Internet Systems: OTM 2009 (Vol. 5870, pp ). Berlin, Heidelberg: Springer Berlin Heidelberg. Lindqvist, J., Cranshaw, J., Wiese, J., Hong, J., & Zimmerman, J. (2011). I’m the mayor of my house: examining why people use foursquare - a social-driven location sharing application. Proceedings of the 2011 annual conference on Human factors in computing systems, CHI ’11 (pp. 2409–2418). Vancouver, BC, Canada: ACM Lederer, S., Hong, J. I., Dey, A. K., & Landay, J. A. (2004). Personal Privacy through Understanding and Action: Five Pitfalls for Designers. PERSONAL AND UBIQUITOUS COMPUTING, 8,


Download ppt "HCI and user research on location privacy Dr. David Geerts Research Manager Centre for User Experience Research (CUO) IBBT / K.U.Leuven."

Similar presentations


Ads by Google