- Jansen, Rob; Shafiq, Zubair (Ed.) Current privacy protections for smart home devices rarely consider bystanders' privacy, whose preferences are varied and may differ from primary users. We use Contextual Integrity theory to explore context-dependent variation in privacy norms regarding smart home bystanders’ data. We conducted a vignette-based survey with 761 participants in the US, varying parameter values to capture acceptability judgments regarding bystander information flows in certain situations: domestic work, shared housing, visiting a friend overnight, and Airbnb. We found that recipients and purposes of sharing impact acceptance the most. Sharing interaction logs was more acceptable than audio or video. Sharing smart speaker data was less acceptable than smart camera or smart door lock data. We found nuanced interaction effects between factors in different smart home situations, and differences between protections most favored by participants playing bystander vs. owner roles. We provide design and policy recommendations for smart home privacy protections that consider bystanders' needs. Free, publicly-accessible full text available July 1, 2026.
- Sherr, Micah; Shafiq, Zubair (Ed.) As smart home devices proliferate, protecting the privacy of those who encounter the devices is of the utmost importance both within their own home and in other people's homes. In this study, we conducted a large-scale survey (N=1459) with primary users of and bystanders to smart home devices. While previous work has studied people's privacy experiences and preferences either as smart home primary users or as bystanders, there is a need for a deeper understanding of privacy experiences and preferences in different contexts and across different countries. Instead of classifying people as either primary users or bystanders, we surveyed the same participants across different contexts. We deployed our survey in four countries (Germany, Mexico, the United Kingdom, and the United States) and in two languages (English and Spanish). We found that participants were generally more concerned about devices in their own homes, but perceived video cameras—especially unknown ones—and usability as more concerning in other people's homes. Compared to male participants, female and non-binary participants had less control over configuration of devices and privacy settings—regardless of whether they were the most frequent user. Comparing countries, participants in Mexico were more likely to be comfortable with devices, but also more likely to take privacy precautions around them. We also make cross-contextual recommendations for device designers and policymakers, such as nudges to facilitate social interactions.
- Sherr, Micah; Shafiq, Zubair (Ed.) Free and open source social platform software has dramatically lowered the barrier to entry for anyone to set up and administer their own social network. This new population of social network administrators thus assume data management responsibilities for sociotechnical systems. Administrators have the power to customize this software, including data collection and data retention, potentially leading to radically different privacy policies. To better understand the characteristics — e.g., the variability, prohibitions, and permissions — of privacy policies on these new social networking platforms, we have conducted a case study of Mastodon. We performed a text analysis of 351 privacy policies and a survey of 104 Mastodon administrators. While most administrators used the default policy that ships with the Mastodon software, we observed that approximately ten percent of our sample tailored their privacy policies to their instances and that some administrators conflated codes of conduct with privacy policies. Our findings suggest the existing market-based individualistic frameworks for thinking about privacy policies do not adequately address this emerging community.
- Sherr, Micah; Shafiq, Zubair (Ed.) Private heavy-hitters is a data-collection task where multiple clients possess private bit strings, and data-collection servers aim to identify the most popular strings without learning anything about the clients' inputs. In this work, we introduce PLASMA: a private analytics framework in the three-server setting that protects the privacy of honest clients and the correctness of the protocol against a coalition of malicious clients and a malicious server. Our core primitives are a verifiable incremental distributed point function (VIDPF) and a batched consistency check, which are of independent interest. Our VIDPF introduces new methods to validate client inputs based on hashing. Meanwhile, our batched consistency check uses Merkle trees to validate multiple client sessions together in a batch. This drastically reduces server communication across multiple client sessions, resulting in significantly less communication compared to related works. Finally, we compare PLASMA with the recent works of Asharov et al. (CCS'22) and Poplar (S&P'21) and compare in terms of monetary cost for different input sizes.
- Sherr, Micah; Shafiq, Zubair (Ed.) Prior work has consistently found that people have miscomprehensions and misunderstandings about technical terms. However, that work has exclusively studied general populations, usually recruited online. This work investigates the relationship between generational cohorts and their understandings of privacy terms, specifically cohorts of elementary school children (aged 10-11), young adults (aged 18-23), and retired adults (aged 73-92), all recruited offline. We surveyed participants about their understanding of and confidence with technical terms that commonly appear in privacy policies. We then moderated a post-survey focus group with each generational cohort in which participants discussed their reactions to the actual definitions along with their experience with technical privacy terms. We found that young adults had better understandings of technical terms than the other generations, despite all generations reporting being regular Internet users. Participants across all generational cohorts discussed themes of confusion and frustration with technical terms, and older adults particularly reported a sense of being left behind. Our results reinforce the need for improvement in the presentation of information about data use practices. Our results also demonstrate the need for more focused research and attention on the youngest and oldest members of society and their use of the Internet and technology.
- Sherr, Micah; Shafiq, Zubair (Ed.) The California Privacy Rights Act (CPRA) was a ballot initiative that revised the California Consumer Privacy Act (CCPA). Although often framed as expanding and enhancing privacy rights, a close analysis of textual revisions—both changes from the earlier law and changes from earlier drafts of the CPRA guidelines—suggests that the reality might be more nuanced. In this work, we identify three textual revisions that have potential to negatively impact the right to opt-out of sale under CPRA and evaluate the effect of these textual revisions using (1) a large-scale longitudinal measurement study of 25,000 websites over twelve months and (2) an experimental user study with 775 participants recruited through Prolific. We find that all revisions negatively impacted the usability, scope, and visibility of the right to opt-out of sale. Our results provide the first comprehensive evaluation of the impact of CPRA on Internet privacy. They also emphasize the importance of continued evaluation of legal requirements as guidelines and case law evolve after a law goes into effect.