Mobile fitness tracking apps allow users to track their workouts and share them with friends through online social networks. Although the sharing of personal data is an inherent risk in all social networks, the dangers presented by sharing personal workouts comprised of geospatial and health data may prove especially grave. While fitness apps offer a variety of privacy features, at present it is unclear if these countermeasures are sufficient to thwart a determined attacker, nor is it clear how many of these services’ users are at risk.
In this work, we perform a systematic analysis of privacy behaviors and threats in fitness tracking social networks. Collecting a month-long snapshot of public posts of a popular fitness tracking service (21 million posts, 3 million users), we observe that 16.5% of users make use of Endpoint Privacy Zones (EPZs), which conceal fitness activity near user-designated sensitive locations (e.g., home, office). We go on to develop an attack against EPZs that infers users’ protected locations from the remaining available information in public posts, discovering that 95.1% of moderately active users are at risk of having their protected locations extracted by an attacker. Finally, we consider the efficacy of state-of-the-art privacy mechanisms through adapting geo-indistinguishability techniques as well as developing a novel EPZ fuzzing technique. The affected companies have been notified of the discovered vulnerabilities and at the time of publication have incorporated our proposed countermeasures into their production systems.
more »
« less
Upside and Downside Risk in Online Security for Older Adults with Mild Cognitive Impairment
Older adults are rapidly increasing their use of online services such as banking, social media, and email - services that come with subtle and serious security and privacy risks. Older adults with mild cognitive impairment (MCI) are particularly vulnerable to these risks because MCI can reduce their ability to recognize scams such as email phishing, follow recommended password guidelines, and consider the implications of sharing personal information. Older adults with MCI often cope with their impairments with the help of caregivers, including partners, children, and professional health personnel, when using and managing online services. Yet, this too carries security and privacy risks: sharing personal information with caregivers can create issues of agency, autonomy, and even risk embarrassment and information leakage; caregivers also do not always act in their charges' best interest. Through a series of interviews conducted in the US, we identify a spectrum of safeguarding strategies used and consider them through the lens of 'upside and downside risk' where there are tradeoffs between reduced privacy and maintaining older adults' autonomy and access to online services.
more »
« less
- Award ID(s):
- 1714514
- NSF-PAR ID:
- 10111824
- Date Published:
- Journal Name:
- Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems
- Page Range / eLocation ID:
- 343
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
null (Ed.)Flexible, contingent, or 'agile,' working arrangements provide workers with greater autonomy over when, where, or how to fulfill their responsibilities. In search of increased productivity and reduced absenteeism, organizations have increasingly turned to flexible work arrangements. Although access to flexible work arrangements is more prevalent among high-skilled workers, in the form of flextime or co-working, the past decade has also witnessed growth of independent contractors, digital nomadism, digitally enabled crowdwork, online freelancing, and on-demand platform labor. Flexible work arrangements reduce commutes and can enable workers with care-responsibilities to stay in the workforce. Younger workers also see flexibility as a top priority when considering career opportunities. Flexible working arrangements can also be mutually beneficial, enabling organizations to scale dynamically. Specific skill sets can be immediately accessed by turning to freelancers to fill organizational gaps. A growing number of organizations and workers rely on short-term and project-based relationships, using online platforms such as Upwork or Fiverr to connect. However, flexible work arrangements often come entwined with precarity cloaked in emancipatory narratives. Fixed salaries and benefits have given way to hourly rates and quantified ratings. Flexible workers often face unpredictability and uncertainty as they carry more risk and responsibility, and are burdened with a great portion of administrative costs (that is, overhead) associated with organizational support systems. Flexible workers at Google, for instance, outnumber full time workers but face far more unpredictability. Current formulations consider organizations as relatively fixed 'containers', which encapsulate the work performed and the information and communications technology (ICT) systems used to perform it.12 However, flexible work arrangements take place outside of organizational containers. In this new sociotechnical dynamic, flexible workers interact with a diversity of digital tools that defy centralized, top-down standardization or governance. We capture this diversity of digital tools through the concept of Personal Digital Infrastructures (PDIs), which denote an individualized assemblage of tools and technologies, such as personal laptops, smartphones, cloud services, and applications brought together by workers to perform their work tasks. Yet, flexible workers constantly reconfigure their PDIs as the technology landscape, client-relationship, and task requirements shift. For flexible work arrangements to be mutually beneficial, PDI integration in ICT systems for work is increasingly necessary, beyond a narrow focus on enterprise systems supporting standard work. Our collective research on flexible work arrangements indicates that PDIs present non-trivial challenges, but a more effective design of ICT systems for work can facilitate the integration of these bottom-up infrastructures. The nuanced understanding of PDIs presented here highlights their interplay with flexible work arrangements across key dimensions (spatial, temporal, organizational, and technological) and suggests key priorities for technology and platform developers.more » « less
-
The onset of the COVID-19 pandemic changed the landscape of education and led to increased usage of remote proctoring tools that are designed to monitor students when they take assessments outside the classroom. While prior work has explored students' privacy and security concerns regarding online proctoring tools, the perspective of educators is under explored. Notably, educators are the decision makers in the classrooms and choose which remote proctoring services and the level of observations they deem appropriate. To explore how educators balance the security and privacy of their students with the requirements of remote exams, we sent survey requests to over 3,400 instructors at a large private university that taught online classes during the 2020/21 academic year. We had n=125 responses: 21% of the educators surveyed used online exam proctoring services during the remote learning period, and of those, 35% plan to continue using the tools even when there is a full return to in-person learning. Educators who use exam proctoring services are often comfortable with their monitoring capabilities. However, educators are concerned about students sharing certain types of information with exam proctoring companies, particularly when proctoring services collect identifiable information to validate students' identities. Our results suggest that many educators developed alternative assessments that did not require online proctoring and that those who did use online proctoring services often considered the tradeoffs between the potential risks to student privacy and the utility or necessity of exam proctoring services.more » « less
-
The rise in online health information seeking among older adults promises significant benefits but also presents potentially serious privacy risks. In light of these risks, we argue that ongoing research and advocacy aimed at promoting online health information seeking among older adults must be coupled with efforts to identify and address threats to their online privacy. We first detail how internet users reveal sensitive health information to third parties through seemingly innocuous web browsing. We then describe ethical concerns raised by the inadvertent disclosure of health information, which include the potential for dignitary harms, subjective injuries, online health scams, and discrimination. After reviewing ways in which existing privacy laws fail to meet the needs of older adults, we provide recommendations for individual and collective action to protect the online privacy of older adults.more » « less
-
more » « less
Background Monitoring technologies are used to collect a range of information, such as one’s location out of the home or movement within the home, and transmit that information to caregivers to support aging in place. Their surveilling nature, however, poses ethical dilemmas and can be experienced as intrusive to people living with Alzheimer disease (AD) and AD-related dementias. These challenges are compounded when older adults are not engaged in decision-making about how they are monitored. Dissemination of these technologies is outpacing our understanding of how to communicate their functions, risks, and benefits to families and older adults. To date, there are no tools to help families understand the functions of monitoring technologies or guide them in balancing their perceived need for ongoing surveillance and the older adult’s dignity and wishes.
Objective We designed, developed, and piloted a communication and education tool in the form of a web application called Let’s Talk Tech to support family decision-making about diverse technologies used in dementia home care. The knowledge base about how to design online interventions for people living with mild dementia is still in development, and dyadic interventions used in dementia care remain rare. We describe the intervention’s motivation and development process, and the feasibility of using this self-administered web application intervention in a pilot sample of people living with mild AD and their family care partners.
Methods We surveyed 29 mild AD dementia care dyads living together before and after they completed the web application intervention and interviewed each dyad about their experiences with it. We report postintervention measures of feasibility (recruitment, enrollment, and retention) and acceptability (satisfaction, quality, and usability). Descriptive statistics were calculated for survey items, and thematic analysis was used with interview transcripts to illuminate participants’ experiences and recommendations to improve the intervention.
Results The study enrolled 33 people living with AD and their care partners, and 29 (88%) dyads completed the study (all but one were spousal dyads). Participants were asked to complete 4 technology modules, and all completed them. The majority of participants rated the tool as having the right length (>90%), having the right amount of information (>84%), being very clearly worded (>74%), and presenting information in a balanced way (>90%). Most felt the tool was easy to use and helpful, and would likely recommend it to others.
Conclusions This study demonstrated that our intervention to educate and facilitate conversation and documentation of preferences is preliminarily feasible and acceptable to mild AD care dyads. Effectively involving older adults in these decisions and informing care partners of their preferences could enable families to avoid conflicts or risks associated with uninformed or disempowered use and to personalize use so both members of the dyad can experience benefits.
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1145/3290605.3300573
