Personal and Ubiquitous Computing, Volume 13, Issue 6, pp 401–412

Understanding and capturing people’s privacy policies in a mobile social networking application

  • Norman Sadeh
  • Jason Hong
  • Lorrie Cranor
  • Ian Fette
  • Patrick Kelley
  • Madhu Prabaker
  • Jinghai Rao
Original Article

Abstract

A number of mobile applications have emerged that allow users to locate one another. However, people have expressed concerns about the privacy implications associated with this class of software, suggesting that broad adoption may only happen to the extent that these concerns are adequately addressed. In this article, we report on our work on PeopleFinder, an application that enables cell phone and laptop users to selectively share their locations with others (e.g. friends, family, and colleagues). The objective of our work has been to better understand people’s attitudes and behaviors towards privacy as they interact with such an application, and to explore technologies that empower users to more effectively and efficiently specify their privacy preferences (or “policies”). These technologies include user interfaces for specifying rules and auditing disclosures, as well as machine learning techniques to refine user policies based on their feedback. We present evaluations of these technologies in the context of one laboratory study and three field studies.

Copyright information

© Springer-Verlag London Limited 2008

Authors and Affiliations

  • Norman Sadeh (1)
  • Jason Hong (1)
  • Lorrie Cranor (1)
  • Ian Fette (1)
  • Patrick Kelley (1)
  • Madhu Prabaker (1)
  • Jinghai Rao (1)

  1. ISR, School of Computer Science, Carnegie Mellon University, Pittsburgh, USA
