More Like this

1. Will They Share? Predicting Location Sharing Behaviors of Smartphone Users through Self-Reflection on Past Privacy Behaviors

   Safi, M.I.; Jha, A.; Aly, M.E.; Page, X.; Patil, S.; Wisniewski, P. (February 2019, The 2019 NDSS Workshop on Usable Security and Privacy)

   Location sharing is a particularly sensitive type of online information disclosure. To explain this behavior, we compared the effectiveness of using self-report measures drawn from the literature, behavioral data collected from mobile phones, and a new type of measure that represents a hybrid of self-report and behavioral data to contextualize users’ attitudes toward their past location sharing behaviors. This new measure was based on a reflective learning paradigm, where one reflects on past behavior to inform future behavior. Based on a study of Android smartphone users (N=114), we found that the construct ‘FYI About Myself’ and our new reflective measure of one’s comfort with sharing location with apps on the smartphone were the best predictors of location sharing behavior. Surprisingly, Behavioral Intention, a commonly used proxy for actual behavior, was not a significant predictor. These results have important implications for privacy research and designing systems to meet users’ location sharing privacy needs. 

   more » « less
2. Predicting smartphone location-sharing decisions through self-reflection on past privacy behavior

   https://doi.org/10.1093/cybsec/tyaa014  

   Wisniewski, Pamela; Safi, Muhammad Irtaza; Patil, Sameer; Page, Xinru (January 2020, Journal of Cybersecurity)

   null (Ed.)

   Abstract Smartphone location sharing is a particularly sensitive type of information disclosure that has implications for users’ digital privacy and security as well as their physical safety. To understand and predict location disclosure behavior, we developed an Android app that scraped metadata from users’ phones, asked them to grant the location-sharing permission to the app, and administered a survey. We compared the effectiveness of using self-report measures commonly used in the social sciences, behavioral data collected from users’ mobile phones, and a new type of measure that we developed, representing a hybrid of self-report and behavioral data to contextualize users’ attitudes toward their past location-sharing behaviors. This new type of measure is based on a reflective learning paradigm where individuals reflect on past behavior to inform future behavior. Based on data from 380 Android smartphone users, we found that the best predictors of whether participants granted the location-sharing permission to our app were: behavioral intention to share information with apps, the “FYI” communication style, and one of our new hybrid measures asking users whether they were comfortable sharing location with apps currently installed on their smartphones. Our novel, hybrid construct of self-reflection on past behavior significantly improves predictive power and shows the importance of combining social science and computational science approaches for improving the prediction of users’ privacy behaviors. Further, when assessing the construct validity of the Behavioral Intention construct drawn from previous location-sharing research, our data showed a clear distinction between two different types of Behavioral Intention: self-reported intention to use mobile apps versus the intention to share information with these apps. This finding suggests that users desire the ability to use mobile apps without being required to share sensitive information, such as their location. These results have important implications for cybersecurity research and system design to meet users’ location-sharing privacy needs. 

   more » « less
3. Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships

   Park, Cheul Young; Faklaris, Cori; Zhao, Siyan; Sciuto, Alex; Dabbish, Laura; Hong, Jason (August 2018, Fourteenth Symposium on Usable Privacy and Security ({SOUPS} 2018))

   Security design choices often fail to take into account users' social context. Our work is among the first to examine security behavior in romantic relationships. We surveyed 195 people on Amazon Mechanical Turk about their relationship status and account sharing behavior for a cross-section of popular websites and apps (e.g., Netflix, Amazon Prime). We examine differences in account sharing behavior at different stages in a relationship and for people in different age groups and income levels. We also present a taxonomy of sharing motivations and behaviors based on the iterative coding of open-ended responses. Based on this taxonomy, we present design recommendations to support end users in three relationship stages: when they start sharing access with romantic partners; when they are maintaining that sharing; and when they decide to stop. Our findings contribute to the field of usable privacy and security by enhancing our understanding of security and privacy behaviors and needs in intimate social relationships. 

   more » « less
4. Modeling of Personalized Privacy Disclosure Behavior: A Formal Method Approach

   https://doi.org/10.1145/3465481.3470102  

   Mehdy, A K; Mehrpouyan, Hoda (August 2021, ARES 2021: The 16th International Conference on Availability, Reliability and Security)

   In order to create user-centric and personalized privacy management tools, the underlying models must account for individual users’ privacy expectations, preferences, and their ability to control their information sharing activities. Existing studies of users’ privacy behavior modeling attempt to frame the problem from a request’s perspective, which lack the crucial involvement of the information owner, resulting in limited or no control of policy management. Moreover, very few of them take into the consideration the aspect of correctness, explainability, usability, and acceptance of the methodologies for each user of the system. In this paper, we present a methodology to formally model, validate, and verify personalized privacy disclosure behavior based on the analysis of the user’s situational decision-making process. We use a model checking tool named UPPAAL to represent users’ self-reported privacy disclosure behavior by an extended form of finite state automata (FSA), and perform reachability analysis for the verification of privacy properties through computation tree logic (CTL) formulas. We also describe the practical use cases of the methodology depicting the potential of formal technique towards the design and development of user-centric behavioral modeling. This paper, through extensive amounts of experimental outcomes, contributes several insights to the area of formal methods and user-tailored privacy behavior modeling. 

   more » « less
5. Privacy as a Planned Behavior: Effects of Situational Factors on Privacy Perceptions and Plans

   https://doi.org/10.1145/3450613.3456829  

   Mehdy, A K; Ekstrand, Michael D.; Knijnenburg, Bart P.; Mehrpouyan, Hoda (June 2021, UMAP ’21, June 21–25, 2021, Utrecht, Netherlands © 2021 Association for Computing Machinery.)

   null (Ed.)

   To account for privacy perceptions and preferences in user models and develop personalized privacy systems, we need to understand how users make privacy decisions in various contexts. Existing studies of privacy perceptions and behavior focus on overall tendencies toward privacy, but few have examined the context-specific factors in privacy decision making. We conducted a survey on Mechanical Turk (N=401) based on the theory of planned behavior (TPB) to measure the way users’ perceptions of privacy factors and intent to disclose information are affected by three situational factors embodied hypothetical scenarios: information type, recipients’ role, and trust source. Results showed a positive relationship between subjective norms and perceived behavioral control, and between each of these and situational privacy attitude; all three constructs are significantly positively associated with intent to disclose. These findings also suggest that, situational factors predict participants’ privacy decisions through their influence on the TPB constructs. 

   more » « less