Information Disclosure Profiles for Segmentation and Recommendation
Presented at the SOUPS 2014 workshop on Privacy Personas and Segmentation (PPS).
Bart Knijnenburg, UC Irvine www.usabart.nl
@usabart
Outline
We need a new approach to (online) privacy
– Moving beyond the one-size-fits-all approach
Privacy segmentation: a practical primer
– How to create disclosure dimensions and privacy profiles
Towards user-tailored privacy decision support
– The privacy adaptation procedure
HUP HOLLAND HUP!
Privacy Calculus
Transparency and control are meant to empower users to regulate their privacy at the desired level, but:
– Simple notices aren’t useful, but detailed ones are too complex
  EULA versus smoking warning labels; Coventry et al.
– Informing users about privacy makes them more wary about it
  accessibility of attitudes; Coopamootoo & Groß
– Users claim they want full control, but eschew the hassle of exploiting it
  as mentioned by Coppens et al.
– Users’ decisions fall prey to numerous decision biases
  as mentioned by Coopamootoo & Groß
Privacy Calculus
Most systems are much too complex
– Facebook’s privacy controls are “Labyrinthian”
– Its privacy policy is longer than the US constitution
Privacy Calculus
Many users lack the resources needed to navigate the complex privacy landscape
cf. “knowledge gaps”; Urban & Hoofnagle, Kraus et al.
Conclusion: Transparency and control do not work
– “a red herring”; Barocas & Nissenbaum 2009
– “paradigm has failed”; Nissenbaum 2011
– “fail to provide people with meaningful control”; Solove 2013
Privacy Nudges
Subtle yet persuasive cues… (e.g. justifications, defaults)
…that create a choice architecture…
…that encourages wanted behavior and inhibits unwanted behavior
Privacy Nudges
For disclosure, what is the right direction of a nudge?
– Less disclosure = less threat, but harder to enjoy the benefits
– More disclosure = more benefits, but some may feel threat
– Going for the average (e.g. “smart default”, Smith et al. 2013): impossible, because people vary too much
Solution: move beyond the one-size-fits-all approach!
Beyond One-Size-Fits-All
My idea: give people privacy recommendations
“Figure out what people want, then help them do that.”
First step: find determinants of privacy decisions
– Characteristics of the user
– What information is being requested
– The recipient of the information
Privacy Segmentation
Knijnenburg, Kobsa, and Jin. “Dimensionality of Information Disclosure Behavior”
In: IJHCS 71(12) 2013
http://bit.ly/privdim
Privacy Segmentation
Disclosure behaviors are multidimensional
Different people have different tendencies to disclose different types of information
as mentioned by Preibusch
Not one “disclosure tendency”, but several!
There exist distinct groups of people with different disclosure profiles
Groups of people with similar tendencies
Privacy Segmentation
Privacy groups, that sounds familiar...
Privacy fundamentalists, pragmatists, and unconcerned
Westin et al., 1981; Harris et al., 2003
Ours is different:
– Based on behavior rather than attitudes
– Not just a difference in degree, but a difference in kind
Methodology
[Figure: six-step methodology diagram (Step 1 to Step 6) showing items I1–I10, factors f1 and f2, a class variable c, a comparison of 2, 3 and 4 classes, and factors fa and fb.]
Exploratory Factor Analysis
How many dimensions are there?
Confirmatory Factor Analysis
What is the correct dimensional structure?
Mixture Factor Analysis
What are the privacy profiles, given these dimensions?
Latent Class Analysis
Do the profiles replicate without these dimensions?
Structural Equation Modeling
What predicts different types of disclosure?
CFA with covariates (MIMIC)
Do the profiles differ on these predictors?
Dataset 2: Dimensions (type of data: ID and item)
– Facebook activity: 1 Wall; 2 Status updates; 3 Shared links; 4 Notes; 5 Photos
– Location: 6 Hometown; 7 Location (city); 8 Location (state/province)
– Contact info: 9 Residence (street address); 11 Phone number; 12 Email address
– Life/interests: 13 Religious views; 14 Interests (favorite movies, etc.); 15 Facebook groups
“What?” = Four dimensions
“Who?” = Five disclosure profiles
– 159 pps tend to share little information overall (LowD)
– 26 pps tend to share activities and interests (Act+IntD)
– 50 pps tend to share location and interests (Loc+IntD)
– 65 pps tend to share everything but contact info (Hi-ConD)
– 59 pps tend to share everything
Dataset 2: Profiles
Dataset 2: Predictors
Privacy Recommendation
My idea: a privacy adaptation procedure:
First step: Predict users’ behaviors
Based on users’ privacy profile, type of info, recipient, etc.
Second step: Provide tailored support
Smart/adaptive defaults
See http://bit.ly/decisions2013
Privacy Recommendation
Example: user X
– Classification: user has profile that is okay with Location and Interests but not Activity and Contact Info
– Tailored support: restrict the audience of her posts (activity) by default, but reveal her current city (location) in her public profile
Example: user Y
– Classification: user has profile that is okay with Activity and Interests but not Location and Contact Info
– Tailored support: disclose posts publicly by default (activity), but refrain from geo-tagging them (location)
Privacy Recommendation
Determine the item-, user-, and recipient-type
Select the defaults and justifications that fit best for this context
p_share = f(t_u(user), t_i(item), t_r(recipient))
INPUT: {user, item, recipient}
OUTPUT: {defaults, justifications}
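The procedure above for the user-type and item-type inputs, as an added example (not code from the talk or the cited papers): a user's observed decisions are matched to the nearest of the five profiles, and the default for an item follows from that profile. The 0/1 prototypes, the AllD label, the nearest-prototype rule (a stand-in for the mixture factor analysis) and the sample users are assumptions; recipient type is left out.

```python
# Added example. Item IDs and dimensions follow the "Dataset 2: Dimensions" slide;
# the 0/1 prototypes and the "AllD" label are constructed assumptions.
DIMENSIONS = {
    "activity": [1, 2, 3, 4, 5],
    "location": [6, 7, 8],
    "contact": [9, 11, 12],
    "interests": [13, 14, 15],
}
DIMS = list(DIMENSIONS)

def proto(*bits):
    return dict(zip(DIMS, bits))

# Ordered from least to most disclosing, so ties resolve to the stricter profile.
PROFILES = {
    "LowD": proto(0, 0, 0, 0),
    "Act+IntD": proto(1, 0, 0, 1),
    "Loc+IntD": proto(0, 1, 0, 1),
    "Hi-ConD": proto(1, 1, 0, 1),
    "AllD": proto(1, 1, 1, 1),  # the slide gives this profile no label
}

def disclosure_rates(decisions):
    """decisions maps item ID -> True (disclosed) / False (withheld)."""
    rates = {}
    for dim, items in DIMENSIONS.items():
        seen = [decisions[i] for i in items if i in decisions]
        if seen:  # skip dimensions with no observed decision
            rates[dim] = sum(seen) / len(seen)
    return rates

def classify(decisions):
    """Nearest prototype over the observed dimensions (squared distance)."""
    rates = disclosure_rates(decisions)
    if not rates:
        raise ValueError("no observed decisions for any known item")
    def dist(name):
        return sum((rates[d] - PROFILES[name][d]) ** 2 for d in rates)
    return min(PROFILES, key=dist)

def default_for(profile, item_id):
    """Smart default for one item: disclose only if the profile shares its dimension."""
    for dim, items in DIMENSIONS.items():
        if item_id in items:
            return "disclose" if PROFILES[profile][dim] else "withhold"
    raise KeyError(f"unknown item ID {item_id}")

# Constructed observations for the slide's users X and Y.
USER_X = {1: False, 2: False, 3: True, 4: False, 5: False, 6: True, 7: True,
          8: True, 9: False, 11: False, 12: False, 13: False, 14: True, 15: True}
USER_Y = {1: True, 2: True, 5: True, 7: False, 12: False, 14: True}
```

A user with a single observed decision, such as {12: False}, matches several prototypes equally and is assigned LowD, the least-disclosing of the tied profiles.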
Privacy Recommendation
The privacy adaptation procedure:
– Relieves some of the burden of controlling privacy, while at the same time respecting each individual’s preferences
– Refrains from making moral judgments about what the “right” level of privacy should be
The best way forward to support people’s privacy decisions!