location-sharing technologies: privacy risks and controls
DESCRIPTION
Location-sharing technologies: Privacy risks and controls. Lorrie Faith Cranor. Outline. Locating Technologies Location Risk/Benefit Survey Location-Sharing Applications and Privacy Controls Locaccino. Locating Technologies. Global Positioning System. WiFi Positioning. - PowerPoint PPT PresentationTRANSCRIPT
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 1
CyLab Usable Privacy and Security Laboratoryhttp://cups.cs.cmu.edu/
Location-sharing technologies: Privacy risks and controls
Lorrie Faith Cranor
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 2
Outline
Locating Technologies Location Risk/Benefit Survey Location-Sharing Applications and Privacy
Controls Locaccino
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 3
Locating Technologies
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 4
Global Positioning System
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 5
WiFi Positioning
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 6
Cellular Triangulation
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 7
IP Location
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 8
Locating Technologies Platforms
– Laptop computers– Mobile phones
Applications– Advertising/Marketing
• Location-based advertising– Information services
• Directions• Find the nearest …• Local weather, local events
– People finding• Meet new friends, play games, socialize• Coordination• Monitor kids, employees, elderly
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 9
Location Risk/Benefit Survey
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 10
Method
Conducted April 2008, n = 587 Provided list of use scenarios
– Rate the likelihood of scenario– Rate the magnitude of harm or benefits
Ranked each risk/benefit
Expected Utility = Likelihood * Magnitude
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 11
Location-Sharing Applications
Not very useful People are concerned about their privacy Risks outweigh benefits
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 12
Benefit Scenarios
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 13
Risk Scenarios
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 14
Location-Sharing Applications and Privacy Controls
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 15
Privacy features
Most current location sharing services allow sharing to be either on or off, per person
Many have a “make me invisible feature” (e.g. Loopt and Brightkite)
Some have the ability to limit by location granularity (e.g. Google Latitude and FireEagle)
Commercial services don’t have fine-grained privacy controls or ability to see who is tracking your location
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 16
Loopt privacy settings
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 17
Loopt privacy settings
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 18
Google Lattitude privacy settings
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 19
Google Lattitude privacy settings
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 20
Google Lattitude privacy settings
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 21
Location-Sharing Applications
Reviewed 89 Applications in August 2009– Date of Launch– Privacy Policy– Privacy Controls– Immediately Accessible Privacy Settings
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 22
Privacy Overview
Types of Applications– Open: Requested by anyone (52)– Closed: Requested by friends only (29)
Category Yes No Unknown Not Applicable
Privacy Policy 66% 34% - -
Privacy Controls 76% 17% 1% 6%
Accessible Privacy Settings 17% 75% 2% 6%
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 23
Types of Restrictions
Friends Only (49.4%) Granularity (11.2%) Blacklist (15.7%) Invisible (33.7%)
% of applications
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 24
Types of Restrictions
Per-Request (2.25%) Time-Expiring (2.25%)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 25
Most Frequent Controls
Friends Only (49.4%) Invisible (33.7%)
% of applications
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 26
Privacy Controls
Frequency of Restrictions
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 27
Best ways to mitigate the greatest expected risks Blacklist (16%) Granularity (12%) Group-based rules (12%) Location-based rules (1%) Time-based rules (1%)
% of applications
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 28
Recommendations for developers
Need for more expressive privacy controls in most applications
Providing expressive controls could reduce concerns
Developers must balance expressiveness and user burden
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 29
Recommendations for users
Understand why you want to use location-sharing application (social, coordination, etc.)
Find application well-suited to your needs Configure privacy controls Avoid public posting of your location with
your real name
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 30
http://locaccino.org
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 31
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 32
Friends around me
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 33
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 34
Editing rules
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 35
Editing location restrictions
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 36
Who can see me?
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 37
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 38
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 39
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 40
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 41
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 42
Inviting friends
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 43
Clients
Android Symbian Mac + PC
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 44
Cylab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu/