Understanding and Capturing Peoples Privacy Policies in a People Finder Application - PowerPoint PPT Presentation

Loading...

PPT – Understanding and Capturing Peoples Privacy Policies in a People Finder Application PowerPoint presentation | free to download - id: 17c12-YzA2Y



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Understanding and Capturing Peoples Privacy Policies in a People Finder Application

Description:

Understanding and Capturing People's Privacy Policies in a People Finder Application ... People Finder. Contextual Instant Messaging (later at Ubicomp) Grey: ... – PowerPoint PPT presentation

Number of Views:141
Avg rating:3.0/5.0
Slides: 33
Provided by: jason203
Learn more at: http://www.cs.cmu.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Understanding and Capturing Peoples Privacy Policies in a People Finder Application


1
Understanding and Capturing Peoples Privacy
Policies in a People Finder Application
Madhu Prabaker, Jinghai Rao, Ian Fette, Patrick
Kelley, Lorrie Cranor, Jason Hong, Norman
SadehCarnegie Mellon University
2
Overview
  • Case study of People Finder application
  • What it is
  • How it works
  • Lab studies and field trials
  • Lessons Learned / Opinions and Conjectures

3
User-Controllable Privacy and SecurityProject
Overview
  • Overall Goal Better UIs for managing privacy and
    security for pervasive computing
  • Simple ways of specifying policies
  • Clear notifications and explanations of what
    happened
  • Better visualizations to summarize results
  • Machine learning for learning preferences
  • Start with small evaluations, continue with
    large-scale ones
  • Large multi-disciplinary team and project
  • Six faculty, 2 postdocs, five students
  • Roughly 2 years into project

4
User-Controllable Privacy and SecurityProject
Overview
  • Applications
  • People Finder
  • Contextual Instant Messaging (later at Ubicomp)
  • Grey Access Control to resources
  • Some Challenges
  • Not being burdensome or annoying
  • Right balance of expressiveness and simplicity
  • Providing enough value so people will use our
    apps!
  • Security privacy our main concern, but not
    users

5
People Finder
  • Lets you find other peoples location, subject to
    any specified rules
  • Okayness checking
  • Rendezvous
  • Requestors have a list of buddies whose location
    they can request via web, system tray, or mobile
    phone

6
Web Interface
7
System Tray and Mobile Phone
8
Plausible Deniability Built in
9
Found a Person
10
Found Another Person
11
Some Architectural Details
  • Laptop version uses Skyhook for positioning
  • Skyhook based on Intel Place Lab, uses WiFi
    localization
  • We also use a database provided by CMU to
    determine name of location
  • Each WiFi access point has an associated place
    name
  • Newell-Simon Hall 2504
  • Mobile phone version uses Intel POLS for
    positioning
  • POLS uses GSM towers for localization
  • Doesnt work well in Pittsburgh, not enough GSM
    towers

12
Users can Specify Rules
  • Also generates human-readable description of rule

13
More Rules
14
Can Also Specify Places in Rules
15
User FeedbackBalloon Pop-Up
  • Basic feedback (currently only for laptops)

16
User FeedbackRequest History
17
User FeedbackRequest History
18
History Also Used for Audits and ML
19
History Also Used for Audits and ML
20
System Architecture
21
System Architecture
  • Centralized architecture
  • Location stored in a server rather than on
    end-user devices
  • Doesnt this go against design goals of Place
    Lab, POLS, and your dissertation, Jason?
  • Some Musings on Privacy
  • No users even asked about this issue
  • Would likely only be small subset of tech-savvy
    users
  • Easier upgrades (think service vs app)
  • Made it very easy to add laptop functionality
  • Makes Last seen feature possible
  • Better performance for some features (ex.
    querying groups)

22
Lab Studies
  • Goal how well does Machine Learning work for
    learning prefs?
  • Setup
  • 19 participants
  • Asked to create initial rule set
  • Go thru a 30 scenarios where someone requested
    location
  • What their rule would do
  • Whether they agreed with rule
  • Option to change their rules

23
Lab Studies
  • Users not very accurate
  • 5 min to create rules, 8 min if include refining
    rules
  • Rules ranged 1-10, 5 rules
  • Weak correlation between time spent and accuracy
  • Case-based reasoning yielded pretty good results
  • Caveat scenarios probed unusual situations, may
    not mirror actual practice

24
Field Trials
  • Three different groups (not simultaneous)
  • 15 team members amongst ourselves, 6 wks
  • 7 MBA students, 2 wks
  • 6 people involved in organizing Spring Carnival,
    9 days
  • Asked or paid people to audit, to see accuracy
  • Usage uneven
  • Requests ranged from single digits to 100s
  • Looking at top 12 heavy users, accuracy of rules
    79
  • People tended to relax rules over time
  • Initially were conservative, allowed more use
    later on

25
Lessons Thus Far
  • Surprisingly few concerns about privacy
  • No user expressed strong privacy concerns
  • Feature requests were always non-privacy related
  • If low usage, due to not enough utility, not due
    to privacy
  • Does this mean our privacy is good enough, or is
    this because of users attitudes and behaviors?
  • Hard to tell

26
Users Attitudes and Behaviors
  • Westin identified three clusters of people wrt
    attitudes toward commercial entities
  • Fundamentalists (25)
  • Unconcerned (10)
  • Pragmatists (65)
  • We need something like this for ubicomp
  • But for personal privacy rather than for
    commercial entities
  • With more fine-grained segmentation
  • Fundamentalists include techno-libertarians and
    luddites
  • Pragmatists include too busy, not enough value,
    etc
  • Better segmentation would help us understand if
    our privacy is good enough

27
Users Attitudes and Behaviors
  • Need to tie better with adoption models

28
Lessons Thus Far
  • Also need to consider cost-benefit issues
  • Lowering Costs
  • Making rule creation easier and faster
  • Facebook widget, avoid yet another social
    network problem
  • Linking with instant messaging
  • Phone with GPS built-in rather than separate
    device
  • Increasing Benefits
  • Speed of getting someones location
  • Getting multiple peoples locations
  • Finding location of people not on list
  • Quality of location (accuracy, place names)

29
Lessons Thus Far
  • Critical mass a huge problem
  • Started with mobile phones, but high-end phones
    so we could only deploy a few at a time
  • Laptop version helped address this problem
  • Believe Facebook widget will overcome this
    problem
  • People did not use history and auditing features
    often
  • Primarily because we asked or paid them
  • IMBuddy But seemed to feel better knowing it was
    there!
  • Other features to assuage concerns, even if not
    used?

30
Our Next Steps
  • Facebook widget and larger study
  • Adding more features
  • More contextual info, interruptibility and window
    name
  • Simplified user interface
  • Simplifying the privacy model
  • Supporting common patterns (co-workers only when
    at work, family and close friends always, etc)

31
End-User Privacy in HCI
  • 137 page article surveying privacy in HCI and
    CSCW
  • Forthcoming in the new Foundations and Trends
    journal, in a few weeks

32
Acknowledgements
  • NSF Cyber Trust CNS-0627513
  • NSF IIS CNS-0433540
  • ARO DAAD19-02-0389
  • France Telecom
  • Nokia
  • IBM
  • Skyhook
About PowerShow.com