Abstract
With the rapid deployment of Internet of Things (IoT) technologies, it has been essential to address the security and privacy issues through maintaining transparency in data practices, and designing new tools for data protection. To address these challenges, the prior research focused on identifying user’s privacy preferences in different contexts of IoT usage, user’s mental model of security threats, and their privacy practices for a specific type of IoT device (e.g., smart speaker). However, there is a dearth in existing literature to understand the mismatch between user’s perceptions and the actual data practices of IoT devices. Such mismatches could lead users unknowingly sharing their private information, exposing themselves to unanticipated privacy risks. To address these issues, we conducted a lab study with 42 participants, where we compared the data practices stated in the privacy policy of 28 IoT devices with the participants’ perceptions of data collection, sharing, and protection. Our findings provide insights into the mismatched privacy perceptions of users, which lead to our recommendations on designing simplified privacy notice by highlighting the unexpected data practices.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
List of IoT Devices, compiled by Mozilla Foundation: https://mzl.la/2zOK4II.
- 2.
Qualtrics is an online survey platform used to create, distribute, collect, and analyze survey data (www.qualtrics.com).
- 3.
References
Davinson, N., Sillence, E.: Using the health belief model to explore users’ perceptions of ‘being safe and secure’ in the world of technology mediated financial transactions. Int. J. Hum Comput Stud. 72(2), 154–168 (2014)
Emami-Naeini, P., Dixon, H., Agarwal, Y., Cranor, L.F.: Exploring how privacy and security factor into IoT device purchase behavior. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, p. 534. ACM (2019)
Kaplan, D.: Majority of Americans have an IoT device - and they’re open to advertising, December 15, 2016, https://geomarketing.com/majority-of-americans-have-an-iot-device
Lau, J., Zimmerman, B., Schaub, F.: Alexa, are you listening?: Privacy perceptions, concerns and privacy-seeking behaviors with smart speakers. In: Proceedings of the ACM on Human-Computer Interaction, pp. 1–31 (2018)
Malkin, N., Deatrick, J., Tong, A., Wijesekera, P., Egelman, S., Wagner, D.: Privacy attitudes of smart speaker users. Proc. Priv. Enhan. Technol. 2019(4), 250–271 (2019)
McDonald, A.M., Reeder, R.W., Kelley, P.G., Cranor, L.F.: A comparative study of online privacy policies and formats. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 37–55. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03168-7_3
Naeini, P.E., Bhagavatula, S., Habib, H., Degeling, M., Bauer, L., Cranor, L.F., Sadeh, N.: Privacy expectations and preferences in an IoT world. In: Thirteenth Symposium on Usable Privacy and Security, pp. 399–412 (2017)
Page, X., Bahirat, P., Safi, M.I., Knijnenburg, B.P., Wisniewski, P.: The internet of what? Understanding differences in perceptions and adoption for the internet of things. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2(4) (2018)
Patel, K.K., Patel, S.M., et al.: Internet of things-IoT: Definition, characteristics, architecture, enabling technologies, application & future challenges. Int. J. Eng. Sci. Comput. 6(5) (2016)
Rao, A., Schaub, F., Sadeh, N., Acquisti, A., Kang, R.: Expecting the unexpected: Understanding mismatched privacy expectations online. In: Twelfth Symposium on Usable Privacy and Security, pp. 77–96 (2016)
Schaub, F., Balebako, R., Durity, A.L., Cranor, L.F.: A design space for effective privacy notices. In: Eleventh Symposium on Usable Privacy and Security, pp. 1–17 (2015)
Zeng, E., Mare, S., Roesner, F.: End user security and privacy concerns with smart homes. In: Thirteenth Symposium on Usable Privacy and Security, pp. 65–80 (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
Rights and permissions
Copyright information
© 2020 IFIP International Federation for Information Processing
About this paper
Cite this paper
Al-Ameen, M.N., Chauhan, A., Ahsan, M.A.M., Kocabas, H. (2020). “Most Companies Share Whatever They Can to Make Money!”: Comparing User’s Perceptions with the Data Practices of IoT Devices. In: Clarke, N., Furnell, S. (eds) Human Aspects of Information Security and Assurance. HAISA 2020. IFIP Advances in Information and Communication Technology, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-030-57404-8_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-57404-8_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57403-1
Online ISBN: 978-3-030-57404-8
eBook Packages: Computer ScienceComputer Science (R0)
