Understanding and Capturing People's Privacy Policies in a People Finder Application
Madhu Prabaker, Jinghai Rao, Ian Fette, Patrick Kelley, Lorrie Cranor, Jason Hong, Norman Sadeh
Carnegie Mellon University

Overview
- Case study of People Finder application
  - What it is
  - How it works
  - Lab studies and field trials
- Lessons Learned / Opinions and Conjectures

User-Controllable Privacy and Security: Project Overview
- Overall Goal: Better UIs for managing privacy and security for pervasive computing
  - Simple ways of specifying policies
  - Clear notifications and explanations of what happened
  - Better visualizations to summarize results
  - Machine learning for learning preferences
- Start with small evaluations, continue with large-scale ones
- Large multi-disciplinary team and project
  - Six faculty, 2 postdocs, five students
  - Roughly 2 years into project

User-Controllable Privacy and Security: Project Overview
- Applications
  - People Finder
  - Contextual Instant Messaging (later at Ubicomp)
  - Grey: Access Control to resources
- Some Challenges
  - Not being burdensome or annoying
  - Right balance of expressiveness and simplicity
  - Providing enough value so people will use our apps!
  - Security & privacy our main concern, but not users'

People Finder
- Lets you find other people's location, subject to any specified rules
  - Okayness checking
  - Rendezvous
Requestors have a list of buddies whose location they can request via web, system tray, or mobile phone
Web Interface
System Tray and Mobile Phone
Plausible Deniability Built in
Found a Person
Found Another Person

Some Architectural Details
- Laptop version uses Skyhook for positioning
  - Skyhook based on Intel Place Lab, uses WiFi localization
  - We also use a database provided by CMU to determine name of location
  - Each WiFi access point has an associated place name, e.g. Newell-Simon Hall 2504
- Mobile phone version uses Intel POLS for positioning
  - POLS uses GSM towers for localization
  - Doesn't work well in Pittsburgh, not enough GSM towers

Users can Specify Rules
- Also generates human-readable description of rule
More Rules
Can Also Specify Places in Rules

User Feedback: Balloon Pop-Up
- Basic feedback (currently only for laptops)
User Feedback: Request History
History Also Used for Audits and ML
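
An added sketch of how the rule slides and the request history fit together; it is not the People Finder implementation. The rule fields (a group plus optional places), the default-deny behaviour, the single "not available" answer used to model plausible deniability, and the wording of the generated description are all assumptions.

```python
from dataclasses import dataclass, field

# Assumption: a denied request and a missing position fix get the same answer,
# so the requester cannot tell a refusal from "no fix".
UNAVAILABLE = "Location not available"

@dataclass(frozen=True)
class Rule:
    group: str                        # who may ask, e.g. "co-workers"
    places: frozenset = frozenset()   # where the rule applies; empty = anywhere

    def describe(self) -> str:
        """Human-readable description of the rule (wording is hypothetical)."""
        where = ("only when I am at " + " or ".join(sorted(self.places))
                 if self.places else "wherever I am")
        return f"People in '{self.group}' can see my location {where}."

    def allows(self, requester_groups, place) -> bool:
        in_place = not self.places or place in self.places
        return self.group in requester_groups and in_place

@dataclass
class Owner:
    rules: list
    groups: dict                      # requester name -> set of group names
    history: list = field(default_factory=list)

    def request(self, requester, current_place):
        """Answer one request. Default deny; current_place=None means no fix."""
        member_of = self.groups.get(requester, set())
        matched = next((r for r in self.rules
                        if r.allows(member_of, current_place)), None)
        disclosed = matched is not None and current_place is not None
        # The owner's history keeps the real decision for later auditing.
        self.history.append({"requester": requester, "place": current_place,
                             "disclosed": disclosed,
                             "rule": matched.describe() if matched else None})
        return current_place if disclosed else UNAVAILABLE

def demo():
    # Constructed sample data; only the place name comes from the slides.
    owner = Owner(
        rules=[Rule("co-workers", frozenset({"Newell-Simon Hall 2504"})),
               Rule("family")],
        groups={"alice": {"co-workers"}, "bob": {"family"}})
    answers = [owner.request("alice", "Newell-Simon Hall 2504"),
               owner.request("alice", "Home"),
               owner.request("bob", "Home"),
               owner.request("mallory", "Home")]
    return answers, owner.history
```

The audit view is the `history` list: it records which requests were refused even though the requester only ever sees the ambiguous answer.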
System Architecture

System Architecture
- Centralized architecture
  - Location stored in a server rather than on end-user devices
  - Doesn't this go against design goals of Place Lab, POLS, and your dissertation, Jason?
- Some Musings on Privacy
  - No users even asked about this issue
    - Would likely only be small subset of tech-savvy users
  - Easier upgrades (think service vs app)
    - Made it very easy to add laptop functionality
  - Makes "Last seen" feature possible
  - Better performance for some features (ex. querying groups)

Lab Studies
- Goal: how well does Machine Learning work for learning prefs?
- Setup
  - 19 participants
  - Asked to create initial rule set
  - Go through 30 scenarios where someone requested location
    - What their rule would do
    - Whether they agreed with rule
    - Option to change their rules

Lab Studies
- Users not very accurate
  - ~5 min to create rules, 8 min if include refining rules
  - #Rules ranged 1-10, ~5 rules
  - Weak correlation between time spent and accuracy
- Case-based reasoning yielded pretty good results
  - Caveat: scenarios probed unusual situations, may not mirror actual practice

Field Trials
- Three different groups (not simultaneous)
  - 15 team members amongst ourselves, 6 wks
  - 7 MBA students, 2 wks
  - 6 people involved in organizing Spring Carnival, 9 days
  - Asked or paid people to audit, to see accuracy
- Usage uneven
  - #Requests ranged from single digits to 100s
  - Looking at top 12 heavy users, accuracy of rules ~79%
- People tended to relax rules over time
  - Initially were conservative, allowed more use later on

Lessons Thus Far
- Surprisingly few concerns about privacy
  - No user expressed strong privacy concerns
  - Feature requests were always non-privacy related
  - If low usage, due to not enough utility, not due to privacy
- Does this mean our privacy is good enough, or is this because of users' attitudes and behaviors?
  - Hard to tell

Users' Attitudes and Behaviors
- Westin identified three clusters of people with respect to attitudes toward commercial entities
  - Fundamentalists (~25%)
  - Unconcerned (~10%)
  - Pragmatists (~65%)
- We need something like this for ubicomp
  - But for personal privacy rather than for commercial entities
  - With more fine-grained segmentation
    - Fundamentalists include techno-libertarians and luddites
    - Pragmatists include too busy, not enough value, etc
  - Better segmentation would help us understand if our privacy is good enough

Users' Attitudes and Behaviors
- Need to tie better with adoption models

Lessons Thus Far
- Also need to consider cost-benefit issues
- Lowering Costs
  - Making rule creation easier and faster
  - Facebook widget, avoid "yet another social network" problem
  - Linking with instant messaging
  - Phone with GPS built-in rather than separate device
- Increasing Benefits
  - Speed of getting someone's location
  - Getting multiple people's locations
  - Finding location of people not on list
  - Quality of location (accuracy, place names)

Lessons Thus Far
- Critical mass a huge problem
  - Started with mobile phones, but high-end phones so we could only deploy a few at a time
  - Laptop version helped address this problem
  - Believe Facebook widget will overcome this problem
- People did not use history and auditing features often
  - Primarily because we asked or paid them
  - IMBuddy: But seemed to feel better knowing it was there!
  - Other features to assuage concerns, even if not used?

Our Next Steps
- Facebook widget and larger study
- Adding more features
  - More contextual info, interruptibility and window name
- Simplified user interface
- Simplifying the privacy model
  - Supporting common patterns (co-workers only when at work, family and close friends always, etc)

End-User Privacy in HCI
- 137 page article surveying privacy in HCI and CSCW
- Forthcoming in the new Foundations and Trends journal, in a few weeks

Acknowledgements
- NSF Cyber Trust CNS-0627513
- NSF IIS CNS-0433540
- ARO DAAD19-02-0389
- France Telecom
- Nokia
- IBM
- Skyhook
- Need Bruce
- Need Lujo
- Need Mike Reiter