DOCSLIB.ORG

A Privacy-Focused Systematic Analysis of Online Status Indicators

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Privacy-Focused Systematic Analysis of Online Status Indicators Proceedings on Privacy Enhancing Technologies ; 2020 (3):384–403 Camille Cobb*, Lucy Simko, Tadayoshi Kohno, and Alexis Hiniker A Privacy-Focused Systematic Analysis of Online Status Indicators Abstract: Online status indicators (or OSIs, i.e., inter- face elements that communicate whether a user is on- line) can leak potentially sensitive information about users. In this work, we analyze 184 mobile applications to systematically characterize the existing design space of OSIs. We identified 40 apps with OSIs across a vari- ety of genres and conducted a design review of the OSIs in each, examining both Android and iOS versions of these apps. We found that OSI design decisions clus- tered into four major categories, namely: appearance, audience, settings, and fidelity to actual user behavior. Less than half of these apps allow users change the de- Fig. 1. OSIs can contain one or more abstract components: an fault settings for OSIs. Informed by our findings, we icon, text, and other contextual cues. Each component can as- sume a specific color, relative location, and/or location within the discuss: 1) how these design choices support adversar- app. ial behavior, 2) design guidelines for creating consistent, privacy-conscious OSIs, and 3) a set of novel design con- cepts for building future tools to augment users’ ability 1 Introduction to control and understand the presence information they broadcast. By connecting the common design patterns Online Status Indicators (OSIs) are user interface we document to prior work on privacy in social tech- (UI) elements that automatically broadcast information nologies, we contribute an empirical understanding of about when a user comes online or goes offline. When an the systematic ways in which OSIs can make users more OSI shows that a user is actively engaging with an app, or less vulnerable to unwanted information disclosure. it signals to others that the user is potentially available Keywords: Online Status Indicators, Usability, Mobile for conversation, multi-player gaming, and other social Ecosystem, Design, Information Leakage, Privacy interactions. When an OSI shows that a user is offline, it indicates that the user may be unlikely to respond DOI 10.2478/popets-2020-0057 quickly or unavailable to connect. Although these uses Received 2019-11-30; revised 2020-03-15; accepted 2020-03-16. of OSIs can improve a user’s experience, prior work has found that OSIs can leak sensitive information [10] such as sleep-wake routines, workplace distraction, conver- sational partners, and deviations from daily schedules. These privacy concerns may be especially pronounced for people in vulnerable circumstances, such as those ex- periencing intimate partner violence, a devastating and widespread problem [29]. Despite the fact that OSIs are known to have prob- *Corresponding Author: Camille Cobb: Carnegie Mellon lematic consequences for users, we currently lack a ro- University, E-mail: [email protected]. Part of this work was done while the author was at the University of Washing- bust understanding of how and when OSIs project sen- ton. sitive information. To what extent are OSIs present in Lucy Simko: University of Washington, E-mail: popular apps and across app genres? How might their [email protected] design and implementation affect the inferences that an Tadayoshi Kohno: University of Washington, E-mail: observer can draw about a user’s activities? In what [email protected] Alexis Hiniker: University of Washington, E-mail: alex- ways and to what extent can users anticipate and con- [email protected] trol the information their OSIs broadcast? A Privacy-Focused Systematic Analysis of Online Status Indicators 385 Scoped investigations of specific OSIs hint that the OSIs. In 2000, Nardi et al. studied 20 people’s use of answers to these questions, in certain contexts, may be Instant Messenger (IM) at work [28]. They identified quite troubling in terms of under-explored risks to users. “awareness information about the presence of others” OSIs in WhatsApp can reveal how late a person stays as a key IM feature (i.e., an early implementation of at a party or who is talking to whom [10], and perpe- OSIs that indicated when someone was logged into a trators of intimate partner violence have used OSIs to service like AOL Instant Messenger (AIM)). In their track their victims [19]. To date, prior work has inves- investigation of the benefits that IM can provide in the tigated these questions in one-off contexts but has not workplace, the authors found that presence informa- documented the extent to which these trends are per- tion made it easier for users to “negotiate availability” vasive. than did email or face-to-face conversations. That is, To understand how these risks manifest systemat- presence information let users assess whether it was ically and at scale, we examine OSIs across the mobile a good time to contact someone and also allowed the app ecosystem. Building on prior work that surfaces recipients to choose a good time to respond. The au- problems of broad social significance by holistically an- thors recommended that presence indicators provide alyzing the mobile app marketplace [11, 27, 31], we seek less “awareness information” to give message recipients to: 1) characterize the common ways in which OSIs are plausible deniability as to whether they were actually designed, and 2) draw on these design themes to assess online, which participants cited as a useful characteristic the common privacy risks that OSIs pose to users. To of OSIs in AIM. these ends, we conducted a systematic analysis of 184 A broad body of follow-on work explored the pos- mobile apps, chosen to include popular apps from a var- sibilities of using “awareness” to improve online con- ied genres, and a structured design review of a subset versation and collaboration. For example, by making of 40 apps that use OSIs. We found that OSI design availability information and new messages only periph- decisions clustered into subcategories within each of erally noticeable, IM conversations may become less four different dimensions: appearance, audience, set- distracting when users are busy [3, 12]. Other work tings, and connection to ground-truth user behaviors. proposed to help users navigate online conversations by We evaluated the OSIs of all 40 apps against this taxon- incorporating data sources such as their online calendar omy and differentiated these common design decisions and physical sensors to show and/or predict availability according to their likelihood of affecting users’ privacy. (or lack thereof) rather than mere presence [5, 21, 22]. OSIs are pervasive and valuable components of mo- Protocols such as XMPP [34] were developed to create bile apps, and quick-glance awareness of others’ online a unified instant messaging experience (including OSIs) status has become a standard feature that users have across multiple services. Although such protocols may come to expect and rely on. Thus, discarding or avoiding be utilized for server-side implementation of OSIs, our OSIs due to potential privacy risks is not only imprac- work presents a client-side understanding. tical but at odds with the known value these features We use this prior work to inform our understanding offer to users [28]. Instead, we seek to define with pre- of the aspects that OSI designers and researchers have cision the risks that OSIs pose and identify the design previously emphasized based on enhancing the poten- mechanisms that act as vehicles for these risks. In doing tially beneficial uses of OSIs. This allows us to take a so, we characterize the landscape of current OSI design, more nuanced view of OSIs in order to draw attention to and we contribute design guidance for evolving OSIs the tradeoffs between privacy and these other benefits to optimize for both protecting users’ privacy and si- rather than only identifying how OSIs could compro- multaneously preserving the value that users reap from mise privacy. sharing presence information with others. 2.2 Privacy Risks of OSIs 2 Related Work Many studies have found that tracking OSI information (e.g., collecting data about what apps someone uses, 2.1 Understanding OSIs for how long, and patterns of usage) can be used to infer substantially more about a user’s real-world and A substantial amount of research, going back many online activity [6, 8, 10, 13]. For example, Buchenscheit years, has explored features that we would refer to as et al. collected online status information for groups A Privacy-Focused Systematic Analysis of Online Status Indicators 386 of friends using WhatsApp. They found that online 2.3 Systematic Analyses of Technical status can reveal the time people awaken or go to bed, Design Spaces their typical schedules, whether they deviate from those schedules, if they are using apps while at work, and, in In generating a taxonomy of OSI design implementa- some cases, which people within a group are convers- tions, we drew inspiration from previous Systematiza- ing privately [10]. The authors report that participants tion of Knowledge papers, for example, those related discussed using OSIs to actively monitor or make in- to home IOT security, secure messaging tools, and pro- ferences about their friends’ behaviors, e.g. registering posed alternatives to passwords [1, 9, 33]. In these stud- surprise about how late a friend stayed at a party. Fur- ies, the authors simplified a complex design space by ther, the authors discuss potential contexts in which identifying a small set of axes or categories along which a information leaked via OSIs could be highly sensitive, topic could be evaluated. For example, to evaluate pass- for example, when used for surveillance in relation- word alternatives, Bonneau et al. identified 25 specific ships with power imbalances (e.g., abusive romantic benefits that passwords offer, such as a negligible cost to relationships) or by employers to monitor and predict users, and categorized them into usability, deployability, employees’ work performance.
Load more

Recommended publications
  • MESSENGER KIDS Social Media for Under 13-Year-Old Kids with Raising Dilemma
    FACEBOOK MESSENGER KIDS Social media for under 13-year-old kids with raising dilemma Prepared by: CHEN MA 809091 HAN UNG 885781 JIAJIA FU 955428 ROSENDO TREVIÑO 865216 Messenger Kids Case Study !1 Abstract This case study will investigate Messenger Kids, a new service Facebook offers to children. This disruptive technology platform raises concerns and creates dilemmas for users attributed mainly to a high level of uncertainty. The purpose of this article is to evaluate Facebook’s Messenger Kids from the parents’ perspective on the dilemmas that new technology and privacy concerns create. The service is analysed in different aspects including the perceived risks, cost- benefit comparison and service quality gaps. The customer lifetime value metric is also utilised to explain how Facebook can make profit with a free app without ads. This paper then provides recommendations to the company to enhance the user experience and increase the service perception. Keywords: service management, service quality, technology services, social media Messenger Kids Case Study !2 Case story MESSENGER KIDS Facebook’s new app with raising dilemmas Jane Johnson stood in the kitchen looking outside the window and reflected on how technology and the Internet are changing human relationships. The effects on information transferability, virtual connectivity and digital privacy are both positively and negatively far-reaching, which made Jane deliberate how to best prepare Jess, her seven-year-old daughter for these changes. Messenger Kids by Facebook It is not exaggerated to say that social media is embedded in our lives. People tweet their thoughts, post their photos, share their day to day stories and even apply for jobs through social media apps.
    [Show full text]
  • How Facebook Beat the Children's Online Privacy Protection
    FINN EGA N-FOR MATTED (DO NOT DELETE) 1/9/2020 4:28 PM HOW FACEBOOK BEAT THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT: A LOOK INTO THE CONTINUED INEFFECTIVENESS OF COPPA AND HOW TO HOLD SOCIAL MEDIA SITES ACCOUNTABLE IN THE FUTURE Shannon Finnegan* I. INTRODUCTION Mark Zuckerberg, the co-founder, chairman, and CEO of Facebook, Inc.,1 recently made news when he implied he believed a law was not necessary to cover and protect teenagers on social networks. 2 Although Zuckerberg acquiesced that this topic “deserves a lot of discussion,” he was criticized for responding in a manner that many interpreted as too cavalier when acknowledging the sensitive nature of teens’ data.3 Currently, there is only one federal law on the books that addresses children’s privacy online: the Children’s Online Privacy Protection Act (COPPA).4 COPPA does not pertain to teenage users or teenage data, but understanding how Facebook, Inc. has handled COPPA may shed light on Zuckerberg’s seemingly lackadaisical response to the regulation of teen data.5 * J.D. Candidate, 2020, Seton Hall University School of Law; B.A., 2014, Fairfield University. Foremost, thank you, Mom and Dad, for your unconditional love, and continued support and guidance. Sincerest thanks to my faculty advisor, Professor Najarian Peters, Esq., for your unwavering encouragement, belief in me, and sound counsel. I would be remiss not to thank Karen Nachbar, Esq. for first teaching me what COPPA is and supporting my dream to be a fun lawyer just like her; Amy Gopinathan for being my steadfast law school partner; and Matthew Cook for everything else.
    [Show full text]
  • Staying Connected
    Staying Connected Why you need to stay connected Feeling connected is essential for our physical and mental wellness. Physical distancing during COVID-19 limits all of our social engagements - dinners at Grandma's, nights out with friends, and catching a local concert or sporting event. This new normal also greatly reduces our simple day-to-day interactions like holding a door open for a stranger or small talk with a shop owner. While it is more difficult to remain feeling connected to our extended family and friends during this time, it is possible. To make up for these social interactions, it's important to reach out using technology to Social Connection Ideas connect with our family and friends more frequently. Here are some ideas for you to connect virtually with your loved ones using the apps: How to stay connected Celebrate holidays, birthdays, and other special moments virtually in a video call There are many ways to connect with your Recruit a loved one to help support your social circle while you stay safely at home. child with their online learning program Apps like FaceTime, WhatsApp, Facebook Host a virtual event for friends - teach Messenger, and Zoom allow you to group them how to make your favourite recipe, video chat with your family and friends. play live music, or share a story Schedule regular family suppers via group Messenger Kids is another free app that video chat to enjoy meals together allows your children to connect with friends Host an online talent show, dance party, and family (while parents maintain full or karaoke singalong control of their children's contact list).
    [Show full text]
  • Facebook Group Member Request Settings
    Facebook Group Member Request Settings Decided Ernesto overstride no derivatives gambling unmeasurably after Norwood engineer nightlong, boughtenquite polemical. Mohamad Garcon still rentesforests her his turnoveryokel briefly. afterward, impedimental and discomfited. Monodical and Sorry, store, I recommend creating a pinned post that explains all of the rules in detail. Create a series of downloadable assets. If they are not receiving your posts then how can they react anyway? Facebook groups are one more promotional channel to market yourself for revenue and income purposes. On my fb group I have now lost this very useful tip. What is the difference between a boosted post, finance, and time is money. Adjust the budget and timeframe to your liking, click the More button then go to Edit Group settings. Predictions on a partnership. How do you facilitate a peer support group? Sync, small towns, users no longer need to worry about the data accumulating in their chats over the years. Remove posts that violate the guidelines. Exclusive content gives members a reason to be engaged and check in regularly. Our own Cyrus Shepard shows you how to set that up. Only server warnings and notes can be suppressed. It helps to create a fair marketplace and educate consumers. You make a request to begin this needs, member request settings is gone just joined. Group, we collect information that you provide when you create an account, the bottom of the invite pop up gives you the option to send invites in Messenger as well. You may have the right to exercise your data protection rights, Members, they should be allowed to choose if to delete their own post and content from it.
    [Show full text]
  • Age Recommendation for Facebook
    Age Recommendation For Facebook Noah delivers sloppily. Bentham Garvin reifies some dunlin after cousinly Prentiss overdramatizing anecdotally. Kalle spoors indisputably. COPPA applies only bring those websites and online services that hassle, use, reproduce disclose personal information from children. Although speculative, this could be appropriate especially important function of Facebook for parents who live system from crane and friends. Komen Breast cancer group. Predictions represent the behavior and a user and how likely choice are predicted to move a positive interaction with a straight piece. Is Tik Tok safe? It can exercise give the companies that provide you outside services access previous account info, including your name, photo, email address, and other one visible to the ancient by default. That front, what clicks with customers on Facebook is surprisingly specific. Appeals and emails to FB have not helped at all. Use the storytelling strengths of video to send the real message. At at age should you whack your kids on Facebook. Seeing again the contest and running or drive Facebook users back to create page. THE CENTER EXPRESSLY DISCLAIMS, AND thereafter HAVE NO LIABILITY FOR, ANY ERRORS, OMISSIONS, INACCURACIES, OR INTERRUPTIONS IN particular DATA. Check internet connection and hat again. Think steroids, ephedra, or human growth hormones. Much like Tinder, Facebook Dating lets you scroll through endless cards of individuals looking for dates. Brent barnhart is based around a recommendation age recommendation age can show how it! Do I need or provide notice not obtain parental consent? Facebook automatically pulls this mosque to grasp your link. User not US or EU, so consent permitted.
    [Show full text]
  • WHAT's NEW on SOCIAL MEDIA: July 2018
    WHA T’S NEW ON SOCIAL MEDIA: July 2018 Facebook New Features Watch Party1 - A new way to watch videos online with your friends was launched on July 25 - In Facebook Groups, you can now create Watch Parties in the text box - Add videos to a media playlist for everyone in the group to watch and comment on at the same time - After the watch party ends, people who missed out or want to re-watch can still watch the playlist - Watch Parties will most likely expand to other parts of FB in the future 1 Image: Facebook Your Time on Facebook2 - The “Your Time on Facebook” feature is meant to help with FB addiction by showing you how much time you‟ve spent on the platform over the past week - You can also set a time limit where the app will remind you once you‟ve hit a certain amount of time on the app - A similar feature was also introduced on Instagram - Currently only available on Android Keyword Snooze3 - FB has begun testing a new feature called Keyword Snooze that allows users to avoid spoilers by temporarily hiding posts with certain keywords in the text - Posts containing the keywords you‟ve chosen to hit “snooze” on won‟t show up in your News Feed for 30 days. - Can be found in the upper right-hand menu in the news feed 2 Image: Facebook Do Not Disturb4 - Facebook is testing a “Do Not Disturb” feature to let users control when they receive notifications from the platform - Users can choose not to receive notifications for 30 minutes, one hour, two hours, eight hours, one day, or indefinitely until the user turns off the feature manually.
    [Show full text]
  • CASA Contact During COVID-19
    CASA does not have an age restriction for use of video technology with children. However, the federal Children’s Online Privacy Protection Act sets limits on the use of services like these, along with other Internet sites, by children under the age of 13. • Place the video call with the phone app on the smart phone. These video calls would not trigger the same COPPA issues as using a platform like FaceTime or Skype. • Do not have children under 13 create user accounts (and do not create user accounts for them) with the video chat providers • Do not otherwise provide any personal information about the children to the video chat provider (including through a text chat feature) • Choose technologies that permit use by children under 13 (Zoom, Messenger Kids, and FaceTime permit use, while Skype does not) Phone Calls. When talking to a child on the phone, the volunteer must follow many of the same recommendations as with video chat technology including ensuring you are in a private location with no other people around, that there is no recording taking place, and that no confidential information that would disclose the specifics about a child’s identity or the case should be discussed. ALTERNATIVES TO FACE-TO-FACE MEETINGS Texting: If texting with a child, no confidential information that would disclose specifics about a child’s identity or the case should be discussed. Text conversations should not be deleted until after the case is closed. CASA volunteers should be aware that any messaging, texting, emailing may be discoverable by the court.
    [Show full text]
  • Apps & Online Platforms
    Apps & Online Platforms Options to Interact with Children & Young Adults Apps and Platforms: A Range of Options CASA of Franklin County understands that 2020 has been a unique challenge and we continue to look for creative ways to interact with our children online. CASA GALs come from different generations, careers, and backgrounds. We know not everyone is a technical wiz and that new online tools can be difficult to learn and use, so CASA created this handy user-guide. Most are entirely free, and others are a monthly subscription. While CASA cannot provide funding for specific apps at this time, we still wanted to include a range of options to show GALs what is possible, as some features in paid apps can be replicated by the GAL in free apps. Notices and Disclaimers: While CASA of Franklin County has created this Apps & Platforms user guide, we are not endorsing or recommending any one program over another: every GAL uses different tools and has different virtual comfort levels. Additionally, CASA of Franklin County, National CASA/GAL Association for Children, Ohio CASA, Franklin County Board of Commissioners, or Franklin County Court of Common Pleas are not proponents of, and do not recommend or endorse these Apps & Platforms. If a GAL wishes to interact with the child(ren) they work with on these platforms, they must first seek the permission of the child(ren)’s custodian and notice to the caregiver. As with all use of personal devices, the GAL remains responsible for ensuring that GAL communications are confidential. GALs may not record virtual interactions with children and must ensure that location and security settings are calculated to maintain confidentiality.
    [Show full text]
  • Participant's Guide
    Participant’s Guide Tennessee Department of Children’s Services| CHRP4567 | Ver. 18.11 Social Media and Cyber Safety Participant Guide CHRP4567 Tennessee Dept of Children's Services Ver. 18.11 1 Social Media and Cyber Safety Participant Guide CHRP4567 Tennessee Dept of Children's Services Ver. 18.11 2 Social Media and Cyber Safety Participant Guide CHRP4567 Tennessee Dept of Children's Services Ver. 18.11 3 Social Media and Cyber Safety Participant Guide CHRP4567 Tennessee Dept of Children's Services Ver. 18.11 4 Social Media and Cyber Safety Participant Guide CHRP4567 Notes: ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ Tennessee Dept of Children's Services Ver. 18.11 5 Social Media and Cyber Safety Participant Guide CHRP4567 GREEN ZONE APPS Facebook: Age 13 + Facebook is the Godfather of all social media apps (and the largest of all social media networks). Users on Facebook can share to the network from their desktop, tablet and/or mobile phone. Facebook makes their money by selling ads next to the feed (and in the feed) to let advertisers
    [Show full text]
  • How Can We Protect Our Kids and Teenagers?
    Digital Communication, Online Activity, Smartphones, and More: How Can We Protect our Kids and Teenagers? by Alison Meredith Copyright 2019 by Alison Meredith. The author makes no claim or guarantee that implementing these tips will protect anyone. This paper is provided as a free resource. Further distribution is permitted if this footer is retained, the contents are unedited, and the distribution is free. www.holstonit.com www.linkedin.com/in/alisonmeredith7/ Page 1 of 28 WARNING: This paper is not for teenagers or kids. Please do not post a link to this paper on social media where teenagers can easily find it. You are welcome to freely share it by other means (such as emailing or texting a link). • This report includes explicit sexual references. • This publication contains detailed information about how cybercriminals work, which may unnecessarily scare teenagers and kids. Disclaimer The information and suggestions contained herein are provided by Holston IT as a free resource. The author makes no claim or guarantee that implementing the advice in this paper will protect kids or teenagers. This information is not intended as legal advice and is provided without warranty. The reader assumes all risk for reliance on any of the information in this document. Permission to Share Further distribution of this paper is permitted if the footer is retained, the contents are unedited, and the distribution is free to others. Links Everything underlined in this paper is a direct link to further information. All links work, as of its publication on October 3, 2019. However, websites frequently rearrange content and break links.
    [Show full text]
  • Gafanomics, October 2014
    THE NEW VISION FOR CAPITALISM NEW ECONOMY, NEW RULES This work was made for you to share, reuse, remix, rework… It is licensed under the Creative Commons BY-NC-SA license to allow for further contributions by experts and users in the coming months. You are free to share and remix/adapt the work. You must cite this document: FABERNOVEL, GAFAnomics, October 2014 You may not use this work for commercial purposes. You may distribute a modified work under the same or similar license. Why do we release this kind of work for free? Our job is to help large organizations think and act like startups. We believe this can only be achieved by encouraging people to innovate and explore new business models. We aim to inspire you by giving you the keys to understand new markets like Russia, new business drivers like APIs or successful companies like Apple, Amazon, Facebook or LinkedIn. 2 What is GAFAnomics®? A STUDY // UNDERSTAND A TOOLKIT // ACT Our study gives you a simplified and Our strategic management toolkit rapid understanding of how Google, allows you to design the future of Apple, Facebook and Amazon, in your company the way Google, their quest of customers’ delight, Apple, Facebook and Amazon do: in brushed aside 3 fundamental a customer centric way. business rules. 4 Foreword 22 years, the average age of Google, Apple, Facebook and Amazon. 22 years of frenetic development combined with the upheaval brought about by the internet, to businesses, our lives and our civilization. From the heart of the Old Continent, FABERNOVEL have designed a new digital model, observing and drawing inspiration from the organizations capable of “thinking outside the box” from their beginnings, to oppose a corporate Orwellian world and to break things, quickly and often.
    [Show full text]
  • Please See Detailed Instructions on How to Use Six Popular Video Calling Platforms So You Can Continue to Communicate with Your Children and “See” Them
    Please see detailed instructions on how to use six popular video calling platforms so you can continue to communicate with your children and “see” them. If your child(ren) prefers to use another platform to video call and you are not sure how to use it, please contact your supervisor directly, however most children will be familiar and willing to use one of the following six platforms. The “legal stuff” with regards to children under the age of 13: • Apple (FaceTime) states that children under 13 cannot create an Apple ID on their own which is required to be able to access the FaceTime application. Parents/Foster Parents/Guardians can set up an Apple ID for children under 13 if using family sharing. Or you can use the parents account, and they can hand the phone/device to the child • Skype states in their guidelines: Skype's websites and software are not intended for or designed to attract users under the age of 13. We encourage parents to be involved in the online activities of their children to make sure that no information is collected from a child without parental permission You can use a parents account to contact the child if under the age of 13 or does not have their own account • National CASA does NOT have an age restriction for use of video technology with children so during this time ALL children should be contacted via video call when possible • Many cell phones allow video calling through the phone app and can be used by children of any age (including under 13) • If you are struggling to find a way to video call with your child(ren) that are under the age of 13, please do NOT have them create user accounts for any video calling platforms/video chat provides, this does not apply with COPPA and industry standards.
    [Show full text]