Norman Sadeh's Presentation


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • In this presentation, we describe our work so far on the UCPL implementation for location sharing. THe main reason we show it here is a) to get feedback, and b) to start a discussion on how, or whether, this is relevant to other security systems
  • Norman Sadeh's Presentation

    1. 1. Norman M. Sadeh Professor, Carnegie Mellon University Chief Scientist, Zipano Technologies, Inc. Privacy, Location and Social Networking
    2. 2. Can We Reconcile Social Networking and Privacy?
    3. 3. “ You Can’t Argue With Success” <ul><li>Soon 600M Facebook Users </li></ul><ul><li>Perhaps privacy doesn’t matter? </li></ul>
    4. 4. Even Facebook Doesn’t Think That <ul><li>“ The debate about privacy is really a debate about control…By giving people that control, we enable them to share more stuff.” </li></ul><ul><li>Mark Zuckerberg, founder of Facebook </li></ul>
    5. 5. Yet Despite 170 Privacy Settings…
    6. 6. What Is Going On?
    7. 7. Locaccino <ul><li>Gives us access to detailed usage data </li></ul><ul><li>Allows us to experiment with different technologies </li></ul><ul><li>Over tens of thousands of downloads over the past 2 years (> 130 countries) </li></ul><ul><li>Departs from commercial apps: </li></ul><ul><ul><li>Expressive privacy settings </li></ul></ul><ul><ul><li>Auditing functionality </li></ul></ul><ul><li>Android Market, Nokia Ovi store, iPhone client, laptop clients </li></ul>September 2010 - Slide
    8. 8. Can You Find a Good Default Policy? Green: Share Red: Don’t <ul><li>Location sharing preferences with CMU campus community </li></ul><ul><li>Sample of 30 users </li></ul><ul><li>Red: Don’t Disclose </li></ul><ul><li>Green: Disclose </li></ul>
    9. 9. The Problem with Default Settings <ul><li>People tend not to modify their default settings </li></ul><ul><li>… Too often Facebook & Co. would like us to start as if we were all “green” </li></ul>
    10. 10. … Rich Preferences… <ul><ul><li>Loopt & Latitude: Failure due to conservative defaults & restrictive settings (“white lists”) </li></ul></ul>
    11. 11. Here’s the Real Kicker! <ul><li>More than 2x the sharing with Facebook Friends! </li></ul><ul><li>2.5 x times the sharing with advertisers!! </li></ul>Users just err on the safe side in setting up their preferences
    12. 12. … But How Do You Achieve This?
    13. 13. … Canonical Privacy Personas
    14. 14. <ul><li>Pittsburgh, PA </li></ul>Shopping and Dining University Residential Location Entropy
    15. 15. Intrinsic Privacy Preferences Users are more comfortable sharing locations with high entropy
    16. 16. Auditing Functionality
    17. 17. Impact of Auditing Auditing No Auditing Average: 122 hr/week Average: 101 hr/week
    18. 18. Engaging Users with Suggestions (patent pending) Mon Tue Wed Thu Fri Sat Sun Colleagues Spouse Friends John Mike Steve Dave Pat Helen Chuck Mike Sue Legend: Access granted Suggested Rule Change Audited Request Audit says Deny Access Audit says Grant Access Possible new rule Possible rule modification Possible new group
    19. 19. <ul><li>Not really… </li></ul><ul><li>… but we need to help users find their comfort level rather than push aggressive default settings on them </li></ul><ul><ul><li>Understandable personas </li></ul></ul><ul><ul><li>Auditing </li></ul></ul><ul><ul><li>Dialogues & suggestions </li></ul></ul>So…Are They Irreconcilable?
    20. 20. <ul><li>Minimize future “regret” </li></ul><ul><li>Use preferences of like-minded users who have been using the app for 6 months to: </li></ul><ul><ul><li>Suggest starting preferences </li></ul></ul><ul><ul><li>Help users refine their preferences </li></ul></ul>… Or Even Nudging Users….
    21. 21. Moving Away from “Disclose” vs. “Do Not Disclose ” <ul><li>“ I’m shopping”, “I’m out of town”, … </li></ul>September 2010 - Slide
    22. 22. So Is There Room for Innovation? <ul><li>We just discussed location </li></ul><ul><li>Mobile & social networking: wide range of contextual attributes, apps and services </li></ul><ul><li>Ultimately, we will need privacy agents to assist us </li></ul><ul><ul><li>Intelligent and capable of asking users just the right questions at the right time </li></ul></ul>September 2010 - Slide
    23. 23. Locaccino: A First Success Story
    24. 24. Q&A Research at the Mobile Commerce Lab is funded by the US National Science Foundation, the US Army Research Office, CMU CyLab, Microsoft, Google, Nokia, France Telecom, and ICTI The User-Controllable Privacy Platform on top of which Locaccino is built is now commercialized by Zipano Technologies .
    25. 25. Relevant Publications - I <ul><li>Norman Sadeh, Jason Hong, Lorrie Cranor, Ian Fette, Patrick Kelley, Madhu Prabaker, and Jinghai Rao. Understanding and Capturing People’s Privacy Policies in a Mobile Social Networking Application Journal of Personal and Ubiquitous Computing 2009. </li></ul><ul><li>Ramprasad Ravichandran, Michael Benisch, Patrick Gage Kelley, and Norman M. Sadeh. Capturing Social Networking Privacy Preferences: Can Default Policies Help Alleviate Tradeoffs between Expressiveness and User Burden? PETS ’09. </li></ul><ul><li>Janice Tsai, Patrick Kelley, Paul Hankes Drielsma, Lorrie Cranor, Jason Hong, and Norman Sadeh. Who’s Viewed You? The Impact of Feedback in a Mobile-location System. CHI ’09. </li></ul><ul><li>Patrick Kelley, Paul Hankes Drielsma, Norman Sadeh, Lorrie Cranor. User Controllable Learning of Security and Privacy Policies. AISec 2008. </li></ul><ul><li>Michael Benisch, Patrick Gage Kelley, Norman Sadeh, Lorrie Faith Cranor.  Capturing Location Privacy Preferences: Quantifying Accuracy and User Burden Tradeoffs.  CMU-ISR Tech Report 10-105, March 2010. Accepted for publication in Journal of Personal and Ubiquitous Computing </li></ul><ul><li>Michael Benisch, Patrick Gage Kelley, Norman Sadeh, Lorrie Faith Cranor, Capturing Location-Privacy Preferences: Quantifying Accuracy and User-Burden Tradeoffs. CMU-ISR Tech Report 10-105, March 2010 </li></ul><ul><li>Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, and Norman Sadeh. User-Controllable Security and Privacy for Pervasive Computing. The 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2007). 2007. </li></ul><ul><li>Norman Sadeh, Fabien Gandon and Oh Buyng Kwon. Ambient Intelligence: The MyCampus Experience School of Computer Science, Carnegie Mellon University, Technical Report CMU-ISRI-05-123, July 2005. </li></ul>
    26. 26. Relevant Publications - II <ul><li>P. Gage Kelley, M. Benisch, L. Cranor and N. Sadeh, “When Are Users Comfortable Sharing Locations with Advertisers”, in Proceedings of the 29 th annual SIGCHI Conference on Human Factors in Computing Systems, CHI2011, May 2011. Also available as CMU School of Computer Science Technical Report, CMU-ISR-10-126 and CMU CyLab Tech Report CMU-CyLab-10-017. </li></ul><ul><li>J. Cranshaw, E. Toch, J. Hong, A. Kittur, N. Sadeh, &quot;Bridging the Gap Between Physical Location and Online Social Networks&quot;, in Proceedings of the Twelfth International Conference on Ubiquitous Computing. Ubicomp 2010 </li></ul><ul><li>E. Toch, J. Cranshaw, P.H. Drielsma, J. Y. Tsai, P. G. Kelley, L. Cranor, J. Hong, N. Sadeh, &quot;Empirical Models of Privacy in Location Sharing&quot;, in Proceedings of the Twelfth International Conference on Ubiquitous Computing. Ubicomp 2010 </li></ul><ul><li>Jialiu Lin, Guang Xiang, Jason I. Hong, and Norman Sadeh, &quot;Modeling People’s Place Naming Preferences in Location Sharing&quot;, Proc. of  the 12th ACM International Conference on Ubiquitous Computing, Copenhagen, Denmark, Sept 26-29, 2010. </li></ul><ul><li>Karen Tang, Jialiu Lin, Jason Hong, Norman Sadeh, Rethinking Location Sharing: Exploring the Implications of Social-Driven vs. Purpose-Driven Location Sharing. Proc. of  the 12th ACM International Conference on Ubiquitous Computing, Copenhagen, Denmark, Sept 26-29, 2010. </li></ul>
    27. 27. Some Press Coverage <ul><li>Startup Zipano sells privacy software to control who can find you, Pittsburgh Post Gazette </li></ul><ul><li>“ As Location-Sharing Services Grow, Privacy Concerns Do Too”, Wall Street Journal </li></ul><ul><li>“ The Mobile Net: Why to Worry about Privacy Regs”, Business Week </li></ul><ul><li>“ Now You Can Track Colleages and Students on Your Laptop”, Chronicle of Higher Education </li></ul>September 2010 - Slide