DOCSLIB.ORG

I Don't Know How to Protect Myself

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
I Don't Know How to Protect Myself "I don’t know how to protect myself": Understanding Privacy Perceptions Resulting from the Presence of Bystanders in Smart Environments Karola Marky Alexandra Voit Alina Stöver [email protected] [email protected] [email protected] Technical University of Darmstadt University of Stuttgart darmstadt.de Darmstadt, Germany Stuttgart, Germany Technical University of Darmstadt Darmstadt, Germany Kai Kunze Svenja Schröder Max Mühlhäuser [email protected] [email protected] [email protected] Keio University University of Vienna Technical University of Darmstadt Yokohama, Japan Vienna, Austria Darmstadt, Germany ABSTRACT October 25–29, 2020, Tallinn, Estonia. ACM, New York, NY, USA, 11 pages. IoT devices no longer affect single users only because others like https://doi.org/10.1145/3419249.3420164 visitors or family members - denoted as bystanders - might be in the device’s vicinity. Thus, data about bystanders can be collected by 1 INTRODUCTION IoT devices and bystanders can observe what IoT devices output. To The market share of IoT devices is steadily increasing [50]. By pro- better understand how this affects the privacy of IoT device owners cessing data, the devices can enhance the convenience of everyday and bystanders and how their privacy can be protected better, we life, improve security, or provide better control over energy con- interviewed 42 young adults. Our results include that owners of IoT sumption [27, 36]. Therefore, the devices collect data via sensors devices wish to adjust the device output when visitors are present. and output it. Both - collection and output - concern anyone that is Visitors wish to be made aware of the data collected about them, present in the smart environment. Therefore, it is crucial to consider to express their privacy needs, and to take measures. Based on different people in smart environments: primary users and indirect our results, we show demand for scalable solutions that address users. Primary users interact with IoT devices to achieve specific the tension that arises between the increasing discreetness of IoT goals, such as controlling the lighting. The group of indirect users devices, their increase in numbers and the requirement to preserve includes residents and visitors of the smart environment. However, the self-determination of owners and bystanders at the same time. only specific users, i.e. the owners of the IoT devices can configure them. In this paper, we denote them as owners. Visitors of the smart CCS CONCEPTS environments, e.g., repair staff or friends, can observe the output of • Security and privacy ! Privacy protections; • Human-centered IoT devices without interacting with them. In this paper, we denote computing ! Empirical studies in ubiquitous and mobile these indirect users as bystanders. The constellation of users and computing. bystanders is also crucial in the scope of privacy. The privacy of the bystanders might be violated by IoT devices KEYWORDS without the bystander noticing it [46]. A smart speaker might record a conversation of guests, or a camera in a fridge might film guests Privacy; Smart Home; Bystander Privacy who open it [30, 31]. On the other hand, the presence of bystanders ACM Reference Format: in a smart environment might also pose a privacy threat to IoT Karola Marky, Alexandra Voit, Alina Stöver, Kai Kunze, Svenja Schröder, device owners since the bystanders can witness the output of IoT and Max Mühlhäuser. 2020. "I don’t know how to protect myself": Under- devices. For instance, a smart speaker might remind an owner to standing Privacy Perceptions Resulting from the Presence of Bystanders in check their emails for medical test results and the bystanders hear Smart Environments. In Proceedings of the 11th Nordic Conference on Human- that. Based on this constellation of bystanders and owners, it is Computer Interaction: Shaping Experiences, Shaping Society (NordiCHI ’20), important to consider both user groups when designing privacy- respecting IoT devices and environments. Previous studies glimpsed Permission to make digital or hard copies of all or part of this work for personal or into the individual user types and for instance recommended a classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation visitor mode [60, 61], means for bystanders to exert control [59], or on the first page. Copyrights for components of this work owned by others than the provision of different levels of agency [18]. In this paper, we present author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or a comprehensive investigation of the owner-bystander constellation republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. from both perspectives. In particular, we aim to shed light on the NordiCHI ’20, October 25–29, 2020, Tallinn, Estonia following research questions: © 2020 Copyright held by the owner/author(s). Publication rights licensed to ACM. ACM ISBN 978-1-4503-7579-5/20/10...$15.00 RQ1: What are considerations of IoT device owners when in- https://doi.org/10.1145/3419249.3420164 stalling and configuring devices in their homes? NordiCHI ’20, October 25–29, 2020, Tallinn, Estonia Marky et al. RQ2: What kind of information are IoT device owners com- Naeini et al. found that the privacy perceptions are dependent on fortable sharing with bystanders? the context and users differentiate between different environments RQ3: What are the perceptions of bystanders regarding privacy and data types [15]. In particular, they perceive the collection of in a smart environment? their data in public environments as less critical than in private RQ4: What are the coping strategies of bystanders to protect ones. Furthermore, they consider data about their environment (e.g., their privacy in smart environments? room temperatures) as less critical than data about themselves. Fi- To answer our research questions, we conducted semi-structured nally, Naeini et al. report that perceived benefits constitute a major interviews with 42 participants. Among other aspects, we found factor when consenting to data sharing. The role of the perceived that only a few owners consider privacy when installing devices benefits has been confirmed in an interview study by Zheng et al. in their homes. However, they wish for detailed options to control in which they focused on the experiences of eleven smart home the information that is output in the presence of bystanders. Even owners [63]. Owners are also willing to share privacy-sensitive urgent information, such as an emergency in the family, should data with service providers if the data was anonymized [29]. be protected. Concerning the bystanders, we confirm and extend When asked for specific concerns, people mention concerns results from other domains, such as life logging [10, 14], showing about the physical security and general privacy of the home [60, 64, that bystanders wish to exert control over their data collection. We 65]. On the other hand, a study by Zeng et al. has shown that many furthermore demonstrate that bystanders lack actionable measures smart home owners were generally not concerned about potential to exert control over the data collection. Based on our results, we threats [60]. Owners only expressed little privacy concerns about conclude that solutions provided by existing IoT devices are not the nature of the data but strong concerns on how the providers sufficient and do not scale. There is a demand for new solutions of smart home devices handle the data [49]. Lay owners expressed that reduce the burden on owners and bystanders and support difficulties in naming specific consequences that could arise from them effectively in making and realizing their privacy decisions. sharing smart home data [21]. But smart home owners should be However, current developments make IoT devices more discreet and aware of potential consequences to be motivated to configure the their number will increase in the future. This makes it difficult for system so that it matches their privacy needs [21, 28]. owners and bystanders to make adjustments to protect their privacy Different studies revealed that smart home owners wish tobe for each individual IoT device. Our study indicates that there is a aware of data that is collected and transferred to providers [15, tension between the self-determination of owners and bystanders 24, 40]. An interview study with 23 smart home owners examined and the ongoing advancements of IoT devices. Finally, we name their perceptions of devices, data practices, and risks [51]. The challenges for the design of future smart environments that consider results confirm that owners are uncertain about the data practices privacy aspects based on the owner-bystander constellation. of the companies and wish for more transparency and control. Being asked to create a design that respects smart home privacy, 2 BACKGROUND AND RELATED WORK participants in a study created designs that aimed to increase the transparency of data collection and allow the owners to control the In this section, we detail the privacy definition that we based our data collection [58]. Users wished to be informed about the privacy investigation on. Then, we present related works on privacy con- aspects of the devices before purchase [16]. cerns in smart homes and bystander privacy. Adding to this body Besides smart homes in general, also the perceptions and con- of research, our paper focuses on the privacy concerns that might cerns regarding specific devices have been investigated in related arise from the presence of bystanders in smart environments. We work. The awareness of the data collected by smart TVs has been investigate the views of owners and bystanders in-depth. investigated by Ghiglieri et al. [22]. The authors found that users In this paper, we consider privacy as the possibility for users of smart TVs are generally not aware of the data collected by their to control the circumstances and conditions under which their devices.
Load more

Recommended publications
  • NOTHING to HIDE: Tools for Talking (And Listening) About Data Privacy for Integrated Data Systems
    NOTHING TO HIDE: Tools for Talking (and Listening) About Data Privacy for Integrated Data Systems OCTOBER 2018 Acknowledgements: We extend our thanks to the AISP Network and Learning Community, whose members provided their support and input throughout the development of this toolkit. Special thanks to Whitney Leboeuf, Sue Gallagher, and Tiffany Davenport for sharing their experiences and insights about IDS privacy and engagement, and to FPF Policy Analyst Amy Oliver and FPF Policy Intern Robert Martin for their contributions to this report. We would also like to thank our partners at Third Sector Capital Partners and the Annie E. Casey Foundation for their support. This material is based upon work supported by the Corporation for National and Community Service (CNCS). Opinions or points of view expressed in this document are those of the authors and do not necessarily reflect the official position of, or a position that is endorsed by, CNCS or the Social Innovation Fund. TABLE OF CONTENTS Introduction ............................................................................................................................................................................................................................. 2 Why engage and communicate about privacy? ................................................................................................................................................. 2 Using this toolkit to establish social license to integrate data .....................................................................................................................
    [Show full text]
  • Designing Privacy for You a Practical Approach for User-Centric Privacy
    Designing Privacy for You A Practical Approach for User-Centric Privacy Awanthika Senarath1, Nalin A.G. Arachchilage2, and Jill Slay3 1 Australian Centre for Cyber Security University of New South Wales - Canberra Australian Defence force Academy, Australia Email: [email protected] 2 Email: [email protected] 3 Email: [email protected] Abstract. Privacy directly concerns the user as the data owner (data- subject) and hence privacy in systems should be implemented in a man- ner which concerns the user (user-centered). There are many concepts and guidelines that support development of privacy and embedding pri- vacy into systems. However, none of them approaches privacy in a user- centered manner. Through this research we propose a framework that would enable developers and designers to grasp privacy in a user-centered manner and implement it along with the software development life cycle. 1 Introduction Donald Trump’s presidential campaign was seriously damaged, when a personal conversation he had with a friend ten years ago (in 2005) was recorded and re- leased to the public during his run in the elections in 2016 in the USA. The recording had been done without the knowledge of the two people engaged in the conversation and was released at a very critical moment in the presidential campaign [1]. This is not much different to the situation users face on a daily basis when using on-line applications to network, communicate, shopping and banking on-line, and for many other personal tasks [9]. Due to the pervasiveness of Information and Communication Technology on-line applications have be- come an integral part of users [7].
    [Show full text]
  • The Internet of Audio Things: State-Of-The-Art, Vision, and Challenges Carlo Fischione, Luca Turchet, György Fazekas, Mathieu Lagrange, Hossein Ghadikolaei
    The Internet of Audio Things: state-of-the-art, vision, and challenges Carlo Fischione, Luca Turchet, György Fazekas, Mathieu Lagrange, Hossein Ghadikolaei To cite this version: Carlo Fischione, Luca Turchet, György Fazekas, Mathieu Lagrange, Hossein Ghadikolaei. The Internet of Audio Things: state-of-the-art, vision, and challenges. IEEE internet of things journal, IEEE, 2020, 7 (10), pp.10233-10249. 10.1109/JIOT.2020.2997047. hal-02930053v2 HAL Id: hal-02930053 https://hal.archives-ouvertes.fr/hal-02930053v2 Submitted on 8 Jan 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. IEEE INTERNET OF THINGS JOURNAL, VOL. XX, NO. X, NOVEMBER 2020 1 The Internet of Audio Things: state-of-the-art, vision, and challenges Luca Turchet, Gyorgy¨ Fazekas, Mathieu Lagrange, Hossein S. Ghadikolaei, and Carlo Fischione, Senior Member, IEEE, Abstract—The Internet of Audio Things (IoAuT) is an emerg- the emerging field of the Internet of Musical Things (IoMusT) ing research field positioned at the intersection of the Internet [7], where a number of devices for music production and of Things, sound and music computing, artificial intelligence, consumption are connected within ecosystems that multiply and human-computer interaction.
    [Show full text]
  • Roundtable-1-Presentation-March-20-2018.Pdf
    welcome! Thanks for coming! We will give tonight’s presentation and invite questions twice (6 pm and 7:30 pm). Please be sure to also join a small group roundtable discussion at the other end of the hall. hello! Hi, I’m Meg Davis, + I’m Rit Aggarwala 3 Thank you! For joining us to roll up your sleeves and tackle some tough questions with us 4 Town Hall What we heard you care about Well-being and community health People-centred planning Public transit and personal mobility Sustainable, resilient, climate-positive development Diversity and inclusion Housing quality and affordability Data-informed decision-making Privacy and data governance Green space, recreation and leisure Engaged communities Entrepreneurship and innovation 5 5 Since Last Time Built and organized our joint Sidewalk Toronto team and opened a TO office Developed a robust public engagement plan with firm dates Forming 6 advisory groups (80+ local leaders) to guide us in our work Met with key stakeholders, including representatives of all levels of government Exploring a series of pilots and prototypes to launch in Toronto Focused our core research questions to develop work plans and hypotheses 6 Tonight Describe what this project is all about Explain what we’re working on and where we need your input Open the floor to your questions and address some of your concerns Discuss key questions in a roundtable conversation 7 7 Who We Are Transforming the waterfront for the use and enjoyment of the people and visitors of Toronto, Ontario and Canada, to foster economic growth and to redefine how the city, province and country are perceived by the world — a project of national significance.
    [Show full text]
  • Testing Our Trust: Consumers and the Internet of Things (2017 Review)
    Testing our trust: consumers and the Internet of Things 2017 review Contents 1. Connected by default: why the internet of things is important for consumers 1 2. Review of the consumer internet of things market 3 Steady growth 3 New opportunities 6 3. Consumer attitudes to the Internet of Things 7 Privacy and security remain big concerns for consumers 7 Safety fears 7 Low trust in technology 8 4. Challenges that persist for consumers in the Internet of Things 8 Consumers are not informed 8 Security vulnerabilities cause global internet disruption 9 Privacy violations 10 Remote enforcement of contract terms 10 Buying a brick 11 Companies not equipped for proper aftercare 11 5. Responses to consumer challenges and concerns 12 National governments and inter-governmental bodies 12 Industry, civil society and coalition responses 16 6. Conclusions and next steps 18 Demand side power? 18 The role of the consumer movement 19 2 2017 review: testing our trust Coming together for change 1. Connected by default: With 5G predicted to arrive in some countries early next year2, we can expect faster speeds, improved response why the Internet of time, and the bandwidth needed for billions of Internet of Things devices to communicate with each other. 5G Things is important could also mean a reduction in energy usage. These improvements are predicted to not only improve user for consumers experience but also pave the way for further innovations. Consumer applications in the Internet of Things The way that we currently experience the internet can bring many benefits to people around the world involves, to some extent, a choice about how and when to including: more responsive services; shorter feedback engage.
    [Show full text]
  • Privacy by Design
    JANUARY 2018 Privacy by Design Privacy by Design is a methodology for proactively embedding privacy into information technology, business practices, and networked infrastructures. The Privacy by Design measures are designed to anticipate and prevent privacy invasive events before they occur. SEVEN FOUNDATIONAL PRINCIPLES The Privacy by Design framework is based on seven foundational principles: 1. Proactive not Reactive; Preventative not Remedial Anticipate, identify and prevent privacy invasive events before they occur. 2. Privacy as the Default Setting Build in the maximum degree of privacy into the default settings for any system or business practice. Doing so will keep a user’s privacy intact, even if they choose to do nothing. 3. Privacy Embedded into Design Embed privacy settings into the design and architecture of information technology systems and business practices instead of implementing them after the fact as an add-on. 4. Full Functionality — Positive-Sum, not Zero-Sum Accommodate all legitimate interests and objectives in a positive-sum manner to create a balance between privacy and security because it is possible to have both. 5. End-to-End Security — Full Lifecycle Protection Embed strong security measures to the complete lifecycle of data to ensure secure management of the information from beginning to end. 6. Visibility and Transparency — Keep it Open Assure stakeholders that privacy standards are open, transparent and subject to independent verification. 7. Respect for User Privacy — Keep it User-Centric Protect the interests of users by offering strong privacy defaults, appropriate notice, and empowering user-friendly options. PRIVACY TECHNOLOGYBY DESIGN FACT SHEET: PROTECTING AGAINST RANSOMWARE 2 2 .
    [Show full text]
  • Privacy by Design: Current Practices
    Public Disclosure Authorized Public Disclosure Authorized Public Disclosure Authorized Public Disclosure Authorized Current Practices Practices Current in Estonia,India, and Austria Privacy by Privacy Design: © 2018 International Bank for Reconstruction and Development/The World Bank 1818 H Street, NW, Washington, D.C., 20433 Telephone: 202-473-1000; Internet: www.worldbank.org Some Rights Reserved This work is a product of the staff of The World Bank with external contributions. The findings, interpretations, and conclusions expressed in this work do not necessarily reflect the views of The World Bank, its Board of Executive Directors, or the governments they represent. The World Bank does not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of The World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Nothing herein shall constitute or be considered to be a limitation upon or waiver of the privileges and immunities of The World Bank, or of any participating organization to which such privileges and immunities may apply, all of which are specifically reserved. Rights and Permission This work is available under the Creative Commons Attribution 3.0 IGO license (CC BY 3.0 IGO) http:// creativecommons.org/licenses/by/3.0/igo. Under the Creative Commons Attribution license, you are free to copy, distribute, transmit, and adapt this work, including for commercial purposes, under the following conditions: Attribution—Please cite the work as follows: World Bank. 2018.
    [Show full text]
  • Privacy by Design
    Privacy by Design Setting a new standard for privacy certification Privacy by Design is a framework based on proactively embedding privacy into the design and operation of IT systems, networked infrastructure, and business practices. 2 Privacy by Design Framework Organizations understand the need to both innovate and safeguard the personal and confidential data of their “Protecting privacy while meeting the customers, employees, and business partners. This has regulatory requirements for data protection become increasingly challenging in the era of “big data” around the world is becoming an increasingly for several reasons: challenging task. Taking a comprehensive, properly implemented risk-based approach— where globally defined risks are anticipated and countermeasures are built into systems and operations, by design—can be far more effective, and more likely to respond to the broad range of requirements in multiple jurisdictions.” – Dr. Ann Cavoukian, Executive Director of the Privacy and Big Data Institute at Ryerson University, Three-term Information and Privacy Commissioner of Ontario, Creator of Privacy by Design • Globalization has fostered an environment where In this complex electronic business environment, knowledge workers feel the need to share information a “check the box” compliance model leads to a false more readily, exposing organizations to a higher sense of security. That’s why a risk-based approach to likelihood of information security breaches identifying digital vulnerabilities and closing privacy gaps becomes a necessity. Once you’ve done the work to • Organizational boundaries are no longer static, making it proactively ensure that your controls are implemented and difficult to track how, where, and by whom information your information is secure, having your privacy practices is being stored, managed, and accessed certified against a global privacy standard can take your privacy and security posture to the next level.
    [Show full text]
  • Data Issues and Promising Practices for Integrated Community Energy Mapping
    CANADIAN GEOSPATIAL DATA INFRASTRUCTURE INFORMATION PRODUCT 50e Data Issues and Promising Practices for Integrated Community Energy Mapping Jessica Webster, CanmetENERGY Canadian Urban Institute Vive le Monde Mapping 2016 © Her Majesty the Queen in Right of Canada, as represented by the Minister of Natural Resources, 2016 For information regarding reproduction rights, contact Natural Resources Canada at [email protected]. Data Issues and Promising Practices for Integrated Community Energy Mapping Prepared by: Jessica Webster, Community Energy Planning Analyst Natural Resources Canada, CanmetENERGY With the assistance of the Canadian Urban Institute and Vive le Monde Mapping March 2015 Disclaimer: This paper was produced by Natural Resources Canada, the Canadian Urban Institute, and Vive le Monde Mapping in conjunction with the Integrated Community Energy Modelling Project 078CE supported by the Clean Energy Fund. Its purpose is to generate dialogue on issues and promising practices relating to the availability, quality, structure, and integration of data required for energy mapping decision support for Canadian municipalities and utilities. Natural Resources Canada and its employees and contractors accept no responsibility and assume no liability or warranties, whether express or implied, for the information presented in this paper. The views and opinions expressed in this paper do not necessarily represent the views of the Government of Canada. ©Her Majesty the Queen in Right of Canada, as represented by the Minister of Natural Resources, 2015 Cat. No. M154-90/2015E-PDF ISBN 978-1-100-25894-2 Natural Resources Canada, CanmetENERGY i Data Issues and Promising Practices for Integrated Community Energy Mapping Acknowledgements Natural Resources Canada gratefully acknowledges contributions from the following individuals to this discussion paper.
    [Show full text]
  • EDPS Preliminary Opinion on Privacy by Design
    Opinion 5/2018 Preliminary Opinion on privacy by design 31 May 2018 i | P a g e The European Data Protection Supervisor (EDPS) is an independent institution of the EU, responsible under Article 41(2) of Regulation 45/2001 ‘With respect to the processing of personal data… for ensuring that the fundamental rights and freedoms of natural persons, and in particular their right to privacy, are respected by the Community institutions and bodies’, and ‘…for advising Community institutions and bodies and data subjects on all matters concerning the processing of personal data’. Under Article 28(2) of Regulation 45/2001, the Commission is required, ‘when adopting a legislative Proposal relating to the protection of individuals’ rights and freedoms with regard to the processing of personal data...’, to consult the EDPS. He was appointed in December 2014 together with the Assistant Supervisor with the specific remit of being constructive and proactive. The EDPS published in March 2015 a five-year strategy setting out how he intends to implement this remit, and to be accountable for doing so. This Opinion aims at contributing to the successful impact of the new obligation of “data protection by design and by default” as set forth by Article 25 of the General Data Protection Regulation by raising awareness, promoting relevant debate and proposing possible lines for action. The principles of privacy by design and by default are explored in their historical development and in their translation into privacy engineering methodologies and privacy enhancing technologies. This analysis is in context with the growing and widespread need for grounding technological development on human values and ethics.
    [Show full text]
  • SIGCHI Conference Paper Format
    Body Matters: Exploration of the Human Body as a Resource for the Design of Technologies for Meditation 1st Author Name 2nd Author Name 3rd Author Name Affiliation Affiliation Affiliation City, Country City, Country City, Country e-mail address e-mail address e-mail address Figure 1. Three objects created in different groups during the workshops to materialize the lived experience of meditation using distinct embodied and material metaphors: (left) “The Healing Journey” by P5, (center) “Mandala” by P19, and (right) “Meditation” by P12. ABSTRACT Author Keywords Much research on meditation has shown its significant Meditation; interaction design; embodied interaction; haptic benefits for wellbeing. In turn, there has been growing HCI feedback; bodily sensations; embodied metaphors interest for the design of novel interactive technologies CCS Concepts intended to facilitate meditation in real-time. In many of • Human-centered computing ~Interaction design these systems, physiological signals have been mapped onto ~Interaction design process and methods ~User centered creative audiovisual feedback, however, there has been design limited attention to the experiential qualities of meditation and the specific role that the body may play in them. In this INTRODUCTION paper, we report on workshops with 24 experts exploring the Sit in a comfortable posture, as upright as you can, and let bodily sensations that emerge during meditation. Through your shoulders drop. Close your eyes if it feels comfortable material speculation, participants shared their lived to do this. If not, then focus your sight on a spot in front of experience of meditation and identified key stages during you. Bring your awareness inside you, to body sensations, by which they may benefit from additional aid, often focusing your attention on the sensations of your body where multimodal.
    [Show full text]
  • Six Ways to Enact Privacy by Design: Cognitive Heuristics That Predict Users' Online Information Disclosure
    Six Ways to enact Privacy by Design: Cognitive Heuristics that predict Users’ Online Information Disclosure S. Shyam Sundar Andrew Gambino Abstract Media Effects Research Laboratory Media Effects Research Laboratory The primary barrier preventing the implementation of College of Communications College of Communications Privacy by Design is a lack of understanding of user Pennsylvania State University Pennsylvania State University psychology pertaining to privacy-related decision- University Park, PA 16802, USA University Park, PA 16802, USA making in everyday online and mobile contexts. [email protected] [email protected] Through focus groups and a representative survey of US adults, we discovered six rules of thumb (or Jinyoung Kim Mary Beth Rosson “cognitive heuristics”) employed by online users while Media Effects Research Laboratory Center for Human–Computer making decisions about disclosing or withholding College of Communications Interaction information. We describe these cognitive heuristics and Pennsylvania State University College of Information Sciences propose that they be leveraged by the design University Park, PA 16802, USA and Technology community, by brainstorming design heuristics, in [email protected] Pennsylvania State University, order to promote secure and trustworthy computing. University Park, PA 16802, USA [email protected] Author Keywords Privacy by design; privacy heuristics; information Permission to make digital or hard copies of all or part of this work for privacy; personal information disclosure personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights ACM Classification Keywords for components of this work owned by others than the author(s) must be H.5.2.
    [Show full text]