Search for: All records

Users often struggle to navigate the privacy / publicity boundary in sharing images online: they may lack awareness of image privacy risks and/or the ability to apply effective mitigation strategies. To address this challenge, we introduce and evaluate Imago Obscura, an AI-powered, image-editing copilot that enables users to identify and mitigate privacy risks with images they intend to share. Driven by design requirements from a formative user study with 7 imageediting experts, Imago Obscura enables users to articulate their image-sharing intent and privacy concerns. The system uses these inputs to surface contextually pertinent privacy risks, and then recommends and facilitates application of a suite of obfuscation techniques found to be effective in prior literature — e.g., inpainting, blurring, and generative content replacement. We evaluated Imago Obscura with 15 end-users in a lab study and found that it greatly improved users’ awareness of image privacy risks and their ability to address those risks, allowing them to make more informed sharing decisions. 

Passive RFID is ubiquitous for key use-cases that include authentication, contactless payment, and location track- ing. Yet, RFID chips can be read without users’ knowledge and consent, causing security and privacy concerns that reduce trust. To improve trust, we employed physically-intuitive design prin- ciples to create On-demand RFID (ORFID). ORFID’s antenna, disconnected by default, can only be re-connected by a user pressing and holding the tag. When the user lets go, the antenna automatically disconnects. ORFID helps users visibly examine the antenna’s connection: by pressing a liquid well, users can observe themselves pushing out a dyed, conductive liquid to fill the void between the antenna’s two bisected ends; by releasing their hold, they can see the liquid recede. A controlled evaluation with 17 participants showed that users trusted ORFID significantly more than a commodity RFID tag, both with and without an RFID- blocking wallet. Users attributed this increased trust to visible state inspection and intentional activation. 

Users make hundreds of transactional permission decisions for smartphone applications, but these decisions persist beyond the context in which they were made. We hypothesized that user concern over permissions varies by context, e.g., that users might be more concerned about location permissions at home than work. To test our hypothesis, we ran a 44-participant, 4-week experience sampling study, asking users about their concern over specific application-permission pairs, plus their physical environment and context. We found distinguishable differences in participants’ concern about permissions across locations and activities, suggesting that users might benefit from more dynamic and contextually-aware approaches to permission decision-making. However, attempts to assist users in configuring these more complex permissions should be made with the aim to reduce concern and affective discomfort—not to normalize and perpetuate this discomfort by replicating prior decisions alone. 

Smart speakers come with always-on microphones to facilitate voice-based interaction. To address user privacy concerns, existing devices come with a number of privacy features: e.g., mute buttons and local trigger-word detection modules. But it is difficult for users to trust that these manufacturer-provided privacy features actually work given that there is a misalignment of incentives: Google, Meta, and Amazon benefit from collecting personal data and users know it. What’s needed is perceptible assurance — privacy features that users can, through physical perception, verify actually work. To that end, we introduce, implement, and evaluate the idea of “intentionally-powered” microphones to provide users with perceptible assurance of privacy with smart speakers. We employed an iterative-design process to develop Candid Mic, a battery-free, wireless microphone that can only be powered by harvesting energy from intentional user interactions. Moreover, users can visually inspect the (dis)connection between the energy harvesting module and the microphone. Through a within-subjects experiment, we found that Candid Mic provides users with perceptible assurance about whether the microphone is capturing audio or not, and improves user trust in using smart speakers relative to mute button interfaces.