Search for: All records

Current privacy protections for smart home devices rarely consider bystanders' privacy, whose preferences are varied and may differ from primary users. We use Contextual Integrity theory to explore context-dependent variation in privacy norms regarding smart home bystanders’ data. We conducted a vignette-based survey with 761 participants in the US, varying parameter values to capture acceptability judgments regarding bystander information flows in certain situations: domestic work, shared housing, visiting a friend overnight, and Airbnb. We found that recipients and purposes of sharing impact acceptance the most. Sharing interaction logs was more acceptable than audio or video. Sharing smart speaker data was less acceptable than smart camera or smart door lock data. We found nuanced interaction effects between factors in different smart home situations, and differences between protections most favored by participants playing bystander vs. owner roles. We provide design and policy recommendations for smart home privacy protections that consider bystanders' needs. 

Smart home devices raise privacy concerns among not only primary users but also bystanders like domestic workers. We conducted 25 qualitative interviews with nannies and 16 with parents who employed nannies, in the U.S., to explore and compare their views on and privacy threat models for smart home devices. We found device-specific purposes of use inspired different perspectives among nanny participants. Most were comfortable with employers’ smart speakers and smart TVs, whose purpose had nothing to do with them. However, with indoor smart cameras, nanny participants were often not just bystanders but targets of monitoring; in such situations, they had a wider range of attitudes. In contrast, parent participants tended to have more similar views across devices. We found notable disconnects regarding disclosure, where nanny participants often hesitated to ask about cameras, but parent participants assumed nannies just didn’t care. We recommend prioritizing interventions supporting disclosure, discussion, and sharing control. 

Internet users often neglect important security actions (e.g., installing security updates or changing passwords) because they interrupt users’ main task at inopportune times. Commitment devices, such as reminders and promises, have been found to be effective at reducing procrastination in other domains. In a series of online experiments (\(n{\gt}3{,}000\)), we explored the effects of reminders and promises on users’ willingness to change a compromised password. We find that adding an option to delay the task increases the share of people willing to eventually change their password considerably. Critically, the option to delay yields this overall increase without reducing the share of people choosing to change their password immediately. Additionally, most participants who promised to change their password later, or asked to be reminded to do so, indeed followed through on their commitment, leading to a net positive effect. Reminding participants of their previous commitment further increased this effect. 

Smart home cameras raise privacy concerns in part because they frequently collect data not only about the primary users who deployed them but also other parties -- who may be targets of intentional surveillance or incidental bystanders. Domestic employees working in smart homes must navigate a complex situation that blends privacy and social norms for homes, workplaces, and caregiving. This paper presents findings from 25 semi-structured interviews with domestic childcare workers in the U.S. about smart home cameras, focusing on how privacy considerations interact with the dynamics of their employer-employee relationships. We show how participants’ views on camera data collection, and their desire and ability to set conditions on data use and sharing, were affected by power differentials and norms about who should control information flows in a given context. Participants’ attitudes about employers’ cameras often hinged on how employers used the data; whether participants viewed camera use as likely to reinforce negative tendencies in the employer-employee relationship; and how camera use and disclosure might reflect existing relationship tendencies. We also suggest technical and social interventions to mitigate the adverse effects of power imbalances on domestic employees’ privacy and individual agency. 

Commitment devices are a technique from behavioral economics that have been shown to mitigate the effects of present bias—the tendency to discount future risks and gains in favor of immediate gratifications. In this paper, we explore the feasibility of using commitment devices to nudge users towards complying with varying online security mitigations. Using two online experiments, with over 1,000 participants total, we offered participants the option to be reminded or to schedule security tasks in the future. We find that both reminders and commitment nudges can increase users’ intentions to install security updates and enable two-factor authentication, but not to configure automatic backups. Using qualitative data, we gain insights into the reasons for postponement and how to improve future nudges. We posit that current nudges may not live up to their full potential, as the timing options offered to users may be too rigid.