Information Disclosure Profiles for Segmentation and Recommendation

Presented at the SOUPS 2014 workshop on Privacy Personas and Segmentation (PPS).

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
755
On SlideShare
0
From Embeds
0
Number of Embeds
117
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Information Disclosure Profiles for Segmentation and Recommendation

  1. 1. Information Disclosure Profiles for Segmentation and Recommendation. Bart Knijnenburg, UC Irvine, www.usabart.nl, @usabart
  2. 2. Outline
      – We need a new approach to (online) privacy
          Moving beyond the one-size-fits-all approach
      – Privacy segmentation: a practical primer
          How to create disclosure dimensions and privacy profiles
      – Towards user-tailored privacy decision support
          The privacy adaptation procedure
  3. 3. HUP HOLLAND HUP!
  4. 4. Privacy Calculus
      Transparency and control are meant to empower users to regulate their privacy at the desired level, but:
      – Simple notices aren’t useful, but detailed ones are too complex (EULA versus smoking warning labels; Coventry et al.)
      – Informing users about privacy makes them more wary about it (accessibility of attitudes; Coopamootoo & Groß)
      – Users claim they want full control, but eschew the hassle of exploiting it (as mentioned by Coppens et al.)
      – Users’ decisions fall prey to numerous decision biases (as mentioned by Coopamootoo & Groß)
  5. 5. Privacy Calculus
      Most systems are much too complex
      – Facebook’s privacy controls are “Labyrinthian”
      – Its privacy policy is longer than the US constitution
  7. 7. Privacy Calculus
      Many users lack the resources needed to navigate the complex privacy landscape (cf. “knowledge gaps”; Urban & Hoofnagle, Kraus et al.)
      Conclusion: Transparency and control do not work
      – “a red herring”; Barocas & Nissenbaum 2009
      – “paradigm has failed”; Nissenbaum 2011
      – “fail to provide people with meaningful control”; Solove 2013
  8. 8. Privacy Nudges
      Subtle yet persuasive cues (e.g. justifications, defaults)…
      …that create a choice architecture…
      …that encourages wanted behavior and inhibits unwanted behavior
  9. 9. Privacy Nudges
      For disclosure, what is the right direction of a nudge?
      – Less disclosure = less threat, but harder to enjoy the benefits
      – More disclosure = more benefits, but some may feel threat
      – Going for the average (e.g. “smart default”, Smith et al. 2013): impossible, because people vary too much
      Solution: move beyond the one-size-fits-all approach!
  10. 10. Beyond One-Size-Fits-All
      My idea: give people privacy recommendations
      “Figure out what people want, then help them do that.”
      First step: find determinants of privacy decisions
      – Characteristics of the user
      – What information is being requested
      – The recipient of the information
  11. 11. Privacy Segmentation
      Knijnenburg, Kobsa, and Jin. “Dimensionality of Information Disclosure Behavior.” In: IJHCS 71(12), 2013. http://bit.ly/privdim
  12. 12. Privacy Segmentation
      Disclosure behaviors are multidimensional
      – Different people have different tendencies to disclose different types of information (as mentioned by Preibusch)
      – Not one “disclosure tendency”, but several!
      There exist distinct groups of people with different disclosure profiles
      – Groups of people with similar tendencies
  13. 13. Privacy Segmentation
      Privacy groups, that sounds familiar...
      Privacy fundamentalists, pragmatists, and unconcerned (Westin et al., 1981; Harris et al., 2003)
      Ours is different:
      – Based on behavior rather than attitudes
      – Not just a difference in degree, but a difference in kind
  14. 14. Methodology
      [Diagram: a six-step analysis (Step 1 to Step 6) over items I1–I10, factors f1, f2, fa, fb and a class variable c, including a comparison of 2, 3 and 4 classes]
  15. 15. Methodology
      [Diagram as on the previous slide, annotated with the analysis used and the question it answers]
      – Exploratory Factor Analysis: How many dimensions are there?
      – Confirmatory Factor Analysis: What is the correct dimensional structure?
      – Mixture Factor Analysis: What are the privacy profiles, given these dimensions?
      – Latent Class Analysis: Do the profiles replicate without these dimensions?
      – Structural Equation Modeling: What predicts different types of disclosure?
      – CFA with covariates (MIMIC): Do the profiles differ on these predictors?
  16. 16. Dataset 2: Dimensions
      “What?” = Four dimensions
      Type of data        ID   Item
      Facebook activity    1   Wall
                           2   Status updates
                           3   Shared links
                           4   Notes
                           5   Photos
      Location             6   Hometown
                           7   Location (city)
                           8   Location (state/province)
      Contact info         9   Residence (street address)
                          11   Phone number
                          12   Email address
      Life/interests      13   Religious views
                          14   Interests (favorite movies, etc.)
                          15   Facebook groups
  17. 17. Dataset 2: Profiles
      “Who?” = Five disclosure profiles
      – 159 pps tend to share little information overall (LowD)
      – 26 pps tend to share activities and interests (Act+IntD)
      – 50 pps tend to share location and interests (Loc+IntD)
      – 65 pps tend to share everything but contact info (Hi-ConD)
      – 59 pps tend to share everything
  18. 18. Dataset 2: Predictors
  19. 19. Privacy Recommendation
      My idea: a privacy adaptation procedure
      – First step: Predict users’ behaviors, based on users’ privacy profile, type of info, recipient, etc.
      – Second step: Provide tailored support: smart/adaptive defaults
      See http://bit.ly/decisions2013
  20. 20. Privacy Recommendation
      Example: user X
      – Classification: user has profile that is okay with Location and Interests but not Activity and Contact Info
      – Tailored support: restrict the audience of her posts (activity) by default, but reveal her current city (location) in her public profile
      Example: user Y
      – Classification: user has profile that is okay with Activity and Interests but not Location and Contact Info
      – Tailored support: disclose posts publicly by default (activity), but refrain from geo-tagging them (location)
  21. 21. Privacy Recommendation
      – Determine the item-, user-, and recipient-type
      – Select the defaults and justifications that fit best for this context
      p_share = f(t_u(user), t_i(item), t_r(recipient))
      INPUT: {user, item, recipient}
      OUTPUT: {defaults, justifications}
  22. 22. Privacy Recommendation
      The privacy adaptation procedure:
      – Relieves some of the burden of controlling privacy, while at the same time respecting each individual’s preferences
      – Refrains from making moral judgments about what the “right” level of privacy should be
      The best way forward to support people’s privacy decisions!
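
The two steps of the privacy adaptation procedure (slides 19 to 21), as an added example that is not code from the talk: it classifies a user into one of the Dataset 2 profiles from observed disclosures, then picks a per-item default. Assumptions: profiles are reduced to 0/1 prototypes and matched by nearest distance instead of the mixture factor analysis the slides use, "HiD" is a hypothetical label for the unnamed "share everything" group, and the recipient type is left out because the slides list none.

```python
# Added illustration; not code from the slides.
# Item IDs and the four dimensions come from the "Dataset 2: Dimensions" slide.
ITEM_DIMENSION = {
    1: "activity", 2: "activity", 3: "activity", 4: "activity", 5: "activity",
    6: "location", 7: "location", 8: "location",
    9: "contact", 11: "contact", 12: "contact",
    13: "interests", 14: "interests", 15: "interests",
}
DIMENSIONS = ("activity", "location", "contact", "interests")

# Assumption: each profile from the "Dataset 2: Profiles" slide is reduced to a
# 0/1 prototype per dimension. "HiD" is a hypothetical label for the unnamed
# "share everything" group.
PROFILES = {
    "LowD":     (0, 0, 0, 0),
    "Act+IntD": (1, 0, 0, 1),
    "Loc+IntD": (0, 1, 0, 1),
    "Hi-ConD":  (1, 1, 0, 1),
    "HiD":      (1, 1, 1, 1),
}

def disclosure_rates(observed):
    """observed: {item_id: disclosed?}. Returns the share rate per dimension."""
    rates = []
    for dim in DIMENSIONS:
        votes = [d for i, d in observed.items() if ITEM_DIMENSION.get(i) == dim]
        # No evidence for a dimension counts as 0.0, the withholding side.
        rates.append(sum(votes) / len(votes) if votes else 0.0)
    return tuple(rates)

def classify(observed):
    """Nearest prototype by squared distance; ties go to the profile that shares less."""
    rates = disclosure_rates(observed)
    def key(name):
        proto = PROFILES[name]
        return (sum((r - p) ** 2 for r, p in zip(rates, proto)), sum(proto))
    return min(PROFILES, key=key)

def default_for(profile, item_id):
    """Default for one item: 'share' only if the profile discloses its dimension."""
    dim = ITEM_DIMENSION.get(item_id)
    if dim is None:  # unknown item type: fail closed
        return "withhold"
    return "share" if PROFILES[profile][DIMENSIONS.index(dim)] else "withhold"

# Constructed sample: user X from slide 20 (location and interests, not activity or contact).
USER_X = {1: False, 2: False, 5: False, 7: True, 8: True, 9: False, 12: False, 14: True}
```

Ties and missing evidence both resolve toward less disclosure, so a sparsely observed user starts from the LowD defaults.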
