Addressing The Privacy Paradox through Personalized Privacy Notifications

Published: 05 July 2018

Abstract

Privacy behaviors of individuals are often inconsistent with their stated attitudes, a phenomenon known as the "privacy paradox." These inconsistencies may lead to troublesome or regrettable experiences. To help people address these privacy inconsistencies, we propose a personalized privacy notification approach that juxtaposes users' general privacy attitudes towards specific technologies and the potential privacy riskiness of particular instances of such technology, right when users make decisions about whether and/or how to use the technology under consideration. Highlighting the privacy inconsistencies to users was designed to nudge them in making decisions in a way that aligns with their privacy attitudes.
To illustrate this approach, we chose the domain of mobile apps and designed a privacy discrepancy interface that highlights this discrepancy between users' general privacy attitudes towards mobile apps and the potential privacy riskiness of a particular app, nudging them to make app installation and/or permission granting decisions reflecting their privacy attitudes. To evaluate this interface, we conducted an online experiment simulating the process of installing Android apps. We compared the privacy discrepancy approach with several existing privacy notification approaches. Our results suggest that the behaviors of participants who used the privacy discrepancy interface better reflected their privacy attitudes than the other approaches.

Published In

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies  Volume 2, Issue 2
June 2018
741 pages
EISSN:2474-9567
DOI:10.1145/3236498

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 July 2018
Accepted: 01 April 2018
Revised: 01 March 2018
Received: 01 August 2017
Published in IMWUT Volume 2, Issue 2

Author Tags

  1. Privacy interfaces
  2. mobile apps
  3. notice and choice
  4. permission systems
  5. personalization
  6. privacy attitudes
  7. privacy behavior
  8. privacy paradox
  9. warnings

Qualifiers

  • Research-article
  • Research
  • Refereed

Article Metrics

  • Downloads (Last 12 months): 287
  • Downloads (Last 6 weeks): 35
Reflects downloads up to 16 Jan 2025
