Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trust and Privacy. Agenda Questions? Questions? Trust Trust More project time More project time Privacy Privacy.

Published byHugo Hardy Modified over 9 years ago

Similar presentations

Presentation on theme: "Trust and Privacy. Agenda Questions? Questions? Trust Trust More project time More project time Privacy Privacy."— Presentation transcript:

1 Trust and Privacy

2 Agenda Questions? Questions? Trust Trust More project time More project time Privacy Privacy

3 Trust is fundamental to security Lack of trust results in systems being ill-used or used not at all Lack of trust results in systems being ill-used or used not at all Lack of understanding of trust results in wrong decisions or no decisions Lack of understanding of trust results in wrong decisions or no decisions Too much trust can be more dangerous than too little Too much trust can be more dangerous than too little –E.g. I can open any file attachment because I run anti-virus software

4 What are your strategies? Scenario: you are buying a product from a new site, what leads you to trust the site and buy from them? Scenario: you are buying a product from a new site, what leads you to trust the site and buy from them? Scenario: you are looking up medical information on a new site, what leads you to trust the site? Scenario: you are looking up medical information on a new site, what leads you to trust the site? Scenario: you consider downloading a new browser plug-in, what leads you to trust the plug-in and download? Scenario: you consider downloading a new browser plug-in, what leads you to trust the plug-in and download?

5 Definitions Book: “Trust concerns a positive expectation regarding the behavior of somebody or something in a situation that entails risk to the trusting party” Book: “Trust concerns a positive expectation regarding the behavior of somebody or something in a situation that entails risk to the trusting party” Miriam-Webster: “assured reliance on the integrity, ability, or character of a person or thing” Miriam-Webster: “assured reliance on the integrity, ability, or character of a person or thing”

6 Layers Dispositional trust Dispositional trust –Psychological disposition or personality trait to be trusting or not Learned trust Learned trust –A person’s general tendency to trust, or not to trust, as a result of experience Situational trust Situational trust –Basic tendencies are adjusted in response to situational cues

7 Processing strategies Heuristic approach making quick judgments from the obvious information Heuristic approach making quick judgments from the obvious information Systematic approach involving detailed analysis of information Systematic approach involving detailed analysis of information

8 Models summarization Increases trust Increases trust –Familiarity –Benevolence –Integrity –Comprehensive info –Shared value –Credibility –Good feedback –Reliability –Usability Decreases trust Decreases trust –Risk –Transaction cost –Uncertainty

9 Losing trust What are ways to damage trust? What are ways to damage trust? How can you repair damaged trust? How can you repair damaged trust?

10 Trust Design Guidelines 1. Ensure good ease of use. 2. Use attractive design. 3. Create a professional image – avoid spelling mistakes and other simple errors. 4. Don’t mix advertising and content – avoid sales pitches and banner advertisements. 5. Convey a “real-world” look and feel – for example, with use of high- quality photographs of real places and people. 6. Maximize the consistency, familiarity, or predictability of an interaction both in terms of process and visually. 7. Include seals of approval such as TRUSTe. 8. Provide explanations, justifying the advice or information given. 9. Include independent peer evaluation such as references from past and current users and independent message boards. 10. Provide clearly stated security and privacy statements, and also rights to compensation and returns. 11. Include alternative views, including good links to independent sites with the same business area. 12. Include background information such as indicators of expertise and patterns of past performance. 13. Clearly assign responsibilities (to the vendor and the customer). 14. Ensure that communication remains open and responsive, and offer order tracking or an alternative means of getting in touch. 15. Offer a personalized service that takes account of each client’s needs and preferences and reflects its social identity.

11 Credibility How is this different than trust? How is this different than trust? Four Types of Credibility Four Types of Credibility –Presumed credibility. –Reputed credibility. –Surface credibility. –Experienced credibility.

12 Stanford Guidelines for Web Credibility 1. Make it easy to verify the accuracy of the information on your site. 2. Show that there's a real organization behind your site. 3. Highlight the expertise in your organization and in the content and services you provide. 4. Show that honest and trustworthy people stand behind your site. 5. Make it easy to contact you. 6. Design your site so it looks professional (or is appropriate for your purpose). 7. Make your site easy to use – and useful. 8. Update your site's content often (at least show it's been reviewed recently). 9. Use restraint with any promotional content (e.g., ads, offers). 10. Avoid errors of all types, no matter how small they seem. Stanford Persuasive Technology Lab http://www.webcredibility.org/guidelines/

13 Food for thought What have you noticed websites doing to increase your trust? What have you noticed websites doing to increase your trust? Have you grown more or less trustworthy over time? General public? Have you grown more or less trustworthy over time? General public? Should computers (application designers) trust users? Should computers (application designers) trust users? –Should the system take over and prevent bad things from happening? When?

14 Project feedback Project proposal due NEXT WEEK Project proposal due NEXT WEEK I need to sign off on all IRB applications I need to sign off on all IRB applications –Email me (or post online) a draft, I will likely ask for modifications –Bring final printed copy to class Rule of thumb: someone else should be able to pick up your proposal and carry out the study Rule of thumb: someone else should be able to pick up your proposal and carry out the study Include implementation or other aspects in your proposal if applicable Include implementation or other aspects in your proposal if applicable

15 Privacy Why do we care? Why do we care? –Is privacy a fundamental right? –Or is it instead instrumental in achieving personal security? Holistic property of a system Holistic property of a system –Difficult to analyze and understand the impacts –Ethical, legal, political ramifications

16 Definitions Protection from unwarranted intrusions (informational self-determination) Protection from unwarranted intrusions (informational self-determination) Ability to control the terms under which personal information is acquired and used Ability to control the terms under which personal information is acquired and used “boundary regulation process” of managing disclosure and identity “boundary regulation process” of managing disclosure and identity “No definition of privacy is possible because privacy issues are fundamentally matters of values, interests and power” “No definition of privacy is possible because privacy issues are fundamentally matters of values, interests and power” –Alan F. Westin, legal and policy scholar

17 Privacy preferences Westin surveys: Westin surveys: Fundamentalists Fundamentalists Pragmatists Pragmatists Unconcerned or marginally concerned Unconcerned or marginally concerned Who are you? What are the implications? Who are you? What are the implications?

18 Privacy vs. Trust How does this relate to trust? How does this relate to trust? Are there layers of privacy like layers of trust? Are there layers of privacy like layers of trust? –Dispositional, learned, situational

19 Why is privacy such a huge problem? Incomplete information Incomplete information –How likely are risks? How serious are risks? –What can you do to mitigate risks? Decisions are highly contextual and individualized Decisions are highly contextual and individualized Bounded rationality – simplistic mental models Bounded rationality – simplistic mental models Difficulty in assessing tradeoffs Difficulty in assessing tradeoffs –Assign greater strength to short term than long term outcomes

20 Issues to consider Privacy is a secondary task Privacy is a secondary task –Users of privacy tools often seek out these tools due to their awareness of or concern about privacy –Even so, users still want to focus on their primary tasks Users have differing privacy concerns and needs Users have differing privacy concerns and needs –One-size-fits-all interface may not work Most users are not privacy experts Most users are not privacy experts –Difficult to explain current privacy state or future privacy implications –Difficult to explain privacy options to them –Difficult to capture privacy needs/preferences Many privacy tools reduce application performance, functionality, or convenience Many privacy tools reduce application performance, functionality, or convenience

21 Exoinformation Leaving information behind based on our activities Leaving information behind based on our activities –Examples? Users often unaware of these information trails and tidbits Users often unaware of these information trails and tidbits –If we aren’t aware, how can we give consent or make appropriate decisions? Chapter 20: A Users Centric Privacy Space Framework

22 Areas with big privacy issues eCommerce eCommerce Medical information systems Medical information systems Social networking and messaging (IM, MySpace, etc.) Social networking and messaging (IM, MySpace, etc.) Media spaces Media spaces Tracking & location-enhanced technologies Tracking & location-enhanced technologies

23 Friend Finder Location service of buddy list Location service of buddy list – –Loopt: https://loopt.com/loopt/sess/index.aspxhttps://loopt.com/loopt/sess/index.aspx – –Helio’s Buddy Beacon: http://www.helio.com/page?p=services#services_gps http://www.helio.com/page?p=services#services_gps What are privacy issues? What are models of interaction? (push vs. pull, etc.) Design a UI for configuring who sees what and when – –What functions or features are needed? – –How to convey model of disclosures? – –How do users quickly make changes? How would you evaluate your interface? Privacy Lost: These Phones Can Find You, NYTimes, Oct. 23, 2007

24 Final food for thought Is privacy awareness evolving? Are people more aware now? How can we increase their awareness? Is privacy awareness evolving? Are people more aware now? How can we increase their awareness? Is awareness enough? Identity theft is a big topic lately – but has it led to any increased usage of privacy and security software? Is awareness enough? Identity theft is a big topic lately – but has it led to any increased usage of privacy and security software? Why does cyberspace feel lacking in social morals and ethics? How can we improve? Why does cyberspace feel lacking in social morals and ethics? How can we improve?

Download ppt "Trust and Privacy. Agenda Questions? Questions? Trust Trust More project time More project time Privacy Privacy."

Similar presentations

An Overview of Internet Credibility

An Overview of Internet Credibility
Social Media for Business IFSA March 2013. Considering Your Options.

Social Media for Business IFSA March Considering Your Options.
Our Digital World Second Edition

Our Digital World Second Edition
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
IS214 Recap. IS214 Understanding Users and Their Work –User and task analysis –Ethnographic methods –Site visits: observation, interviews –Contextual.

IS214 Recap. IS214 Understanding Users and Their Work –User and task analysis –Ethnographic methods –Site visits: observation, interviews –Contextual.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 Design for Privacy February 20,

Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 Design for Privacy February 20,
Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust.

Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust.
Designing for security and privacy. Agenda Tests Tests Project questions? Project questions? Design lecture Design lecture Assignments Assignments.

Designing for security and privacy. Agenda Tests Tests Project questions? Project questions? Design lecture Design lecture Assignments Assignments.
Inspection Methods. Inspection methods Heuristic evaluation Guidelines review Consistency inspections Standards inspections Features inspection Cognitive.

Inspection Methods. Inspection methods Heuristic evaluation Guidelines review Consistency inspections Standards inspections Features inspection Cognitive.
User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.
Principles of Marketing

Principles of Marketing
Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Design for Privacy February.

Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Design for Privacy February.
Web 2.0 Testing and Marketing E-engagement capacity enhancement for NGOs HKU ExCEL3.

Web 2.0 Testing and Marketing E-engagement capacity enhancement for NGOs HKU ExCEL3.
Review an existing website Usability in Design. to begin with.. Meeting Organization’s objectives and your Usability goals Meeting User’s Needs Complying.

Review an existing website Usability in Design. to begin with.. Meeting Organization’s objectives and your Usability goals Meeting User’s Needs Complying.
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 
]. Website Must-Haves Know your audience Good design Clear navigation Clear messaging Web friendly content Good marketing strategy.

]. Website Must-Haves Know your audience Good design Clear navigation Clear messaging Web friendly content Good marketing strategy.
3-1 Chapter Three. 3-2 Secondary Data vs. Primary Data Secondary Data: Data that have been gathered previously. Primary Data: New data gathered to help.

3-1 Chapter Three. 3-2 Secondary Data vs. Primary Data Secondary Data: Data that have been gathered previously. Primary Data: New data gathered to help.
Introduction Our Topic: Mobile Security Why is mobile security important?

Introduction Our Topic: Mobile Security Why is mobile security important?

Similar presentations

Ads by Google