Personal and Ubiquitous Computing

, Volume 15, Issue 7, pp 679–694 | Cite as

Capturing location-privacy preferences: quantifying accuracy and user-burden tradeoffs

  • Michael BenischEmail author
  • Patrick Gage Kelley
  • Norman Sadeh
  • Lorrie Faith Cranor
Original Article


We present a 3-week user study in which we tracked the locations of 27 subjects and asked them to rate when, where, and with whom they would have been comfortable sharing their locations. The results of analysis conducted on over 7,500 h of data suggest that the user population represented by our subjects has rich location-privacy preferences, with a number of critical dimensions, including time of day, day of week, and location. We describe a methodology for quantifying the effects, in terms of accuracy and amount of information shared, of privacy-setting types with differing levels of complexity (e.g., setting types that allow users to specify location- and/or time-based rules). Using the detailed preferences we collected, we identify the best possible policy (or collection of rules granting access to one’s location) for each subject and privacy-setting type. We measure the accuracy with which the resulting policies are able to capture our subjects’ preferences under a variety of assumptions about the sensitivity of the information and user-burden tolerance. One practical implication of our results is that today’s location-sharing applications may have failed to gain much traction due to their limited privacy settings, as they appear to be ineffective at capturing the preferences revealed by our study.


Privacy and security Location sharing Usability Mobile and pervasive computing 



This work has been supported by a Siebel Scholarship and NSF grants CNS-0627513, CNS-0905562, CNS-1012763. This research was also supported by CyLab at Carnegie Mellon under grants DAAD19-02-1-0389 and W911NF-09-1-0273 from the Army Research Office. Additional support has been provided by Nokia, France Telecom, Google, and the CMU/Portugal Information and Communication Technologies Institute. The authors would also like to thank Paul Hankes-Drielsma, Janice Tsai, Tuomas Sandholm, Lucian Cesca, Jialiu Lin, Tony Poor, Eran Toch, Kami Vaniea, and Jianwei Niu for their assistance with our study.


  1. 1.
    Barkhuus L, Brown B, Bell M, Hall M, Sherwood S, Chalmers M (2008) From awareness to repartee: sharing location within social groups. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
  2. 2.
    Barkhuus L, Dey A (2003) Location-based services for mobile telephony: a study of users’ privacy concerns. In: Proceedings of the international conference on human-computer interaction (INTERACT)Google Scholar
  3. 3.
    Benisch M, Sadeh N, Sandholm T (2008) A theory of expressiveness in mechanisms. In: Proceedings of the national conference on artificial intelligence (AAAI)Google Scholar
  4. 4.
    Benisch M, Sadeh N, Sandholm T (2009) Methodology for designing reasonably expressive mechanisms with application to ad auctions. In: Proceedings of the international joint conference on artificial intelligence (IJCAI)Google Scholar
  5. 5.
    Burghardt T, Buchmann E, Müller J, Böhm K (2009) Understanding user preferences and awareness: privacy mechanisms in location-based services. In: Proceedings of the onthemove conferences (OTM)Google Scholar
  6. 6.
    Connelly K, Khalil A, Liu Y (2007) Do I do what I say? Observed versus stated privacy preferences. In: Proceedings of the international conference on human-computer interaction (INTERACT)Google Scholar
  7. 7.
    Consolovo S, Smith I, Matthews T, LaMarca A, Tabert J, Powledge P (2005) Location disclosure to social relations: why, when, and what people want to share. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
  8. 8.
    Cornwell J, Fette I, Hsieh G, Prabaker M, Rao J, Tang K, Vaniea K, Bauer L, Cranor L, Hong J, McLaren B, Reiter M, Sadeh N (2007) User-controllable security and privacy for pervasive computing. In: Proceedings of the workshop on mobile computing systems and applicationsGoogle Scholar
  9. 9.
    Gonzalez MC, Hidalgo CA, Barabasi A-L (2008) Understanding individual human mobility patterns. Nature 453(7196):779–782Google Scholar
  10. 10.
    K Group (2009) BIA’s The Kelsey Group Forecasts U.S. mobile local search advertising revenues to reach $1.3B in 2013.
  11. 11.
    Hightower J, LaMarca A, Smith IE (2006) Practical lessons from place lab. IEEE Pervasive Comput 5(3):32–39CrossRefGoogle Scholar
  12. 12.
    Huang S, Proulx F, Ratti C (2007) iFIND: a Peer-to-Peer application for real-time location monitoring on the MIT campus. In: International conference on computers in urban planning and urban management (CUPUM)Google Scholar
  13. 13.
    Iachello G, Smith I, Consolovo S, Abowd G, Hughes J, Howard J, Potter F, Scott J, Sohn T, Hightower J, LaMarca A (2005) Control, deception, and communication: evaluating the deployment of a location-enhanced messaging service. In: Proceedings of the international conference on ubiquitous computing (UbiComp)Google Scholar
  14. 14.
    Kelley PG, Benisch M, Sadeh N, Cranor LF (2010) When are users comfortable sharing locations with advertisers? Technical Report CMU-ISR-10-126, Carnegie Mellon UniversityGoogle Scholar
  15. 15.
    Lederer S, Mankoff J, Dey AK (2003) Who wants to know what when? Privacy preference determinants in ubiquitous computing. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
  16. 16.
    Mazurek M, Arsenault J, Bresee J, Gupta N, Ion I, Johns C, Lee D, Liang Y, Olsen J, Salmon B, Shay R, Vaniea K, Bauer L, Cranor L, Ganger G, Reiter M (2010) Access control for home data sharing: attitudes, needs and practices. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
  17. 17.
    Miller CC, Wortham J (2010) Technology aside, most people still decline to be located.
  18. 18.
    Patil S, Lai J (2005) Who gets to know what when: configuring privacy permissions in an awareness application. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
  19. 19.
    Sadeh N, Gandon F, Kwon OB (2006) Ambient intelligence: the MyCampus experience. In: Vasilakos T, Pedrycz W (eds) Ambient intelligence and pervasive computing. ArTech House, NorwoodGoogle Scholar
  20. 20.
    Sadeh N, Hong J, Cranor L, Fette I, Kelley P, Prabaker M, Rao J (2009) Understanding and capturing people’s privacy policies in a mobile social networking application. J Pers Ubiquit Comput 13(6):401–412CrossRefGoogle Scholar
  21. 21.
    Simon HA (1957) Models of man. Wiley, New YorkGoogle Scholar
  22. 22.
    Smith I, Consolovo S, LaMarca A, Hightower J, Scott J, Sohn T, Hughes J, Iachello G, Abowd G (2005) Social disclosure of place: from location technology to communication practices. In: Lecture notes in computer science: pervasive computing, pp 134–151Google Scholar
  23. 23.
    Toch E, Cranshaw J, Drielsma PH, Tsai JY, Kelley PG, Springfield J, Cranor L, Hong J, Sadeh N (2010) Empirical models of privacy in location sharing. In: International conference on Ubiquitous Computing (UbiComp), Copenhagen, DenmarkGoogle Scholar
  24. 24.
    Tsai J, Kelley P, Cranor L, Sadeh N (2009) Location-sharing technologies: privacy risks and controls. In: Research conference on communication, information and internet policy (TPRC)Google Scholar
  25. 25.
    Tsai J, Kelley P, Drielsma PH, Cranor LF, Hong J, Sadeh N (2009) Who’s viewed you? The impact of feedback in a mobile-location system. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
  26. 26.
    Wang Y, Lin J, Annavaram M, Jacobson QA, Hong J, Krishnamachari B, Sadeh N (2009) A framework of energy efficient mobile sensing for automatic user state recognition. In: International conference on mobile systems, applications, and services (MobiSys)Google Scholar
  27. 27.
    Want R, Falcão V, Gibbons J (1992) The active badge location system. ACM Trans Inf Syst 10:91–102CrossRefGoogle Scholar

Copyright information

© Springer-Verlag London Limited 2010

Authors and Affiliations

  • Michael Benisch
    • 1
    Email author
  • Patrick Gage Kelley
    • 1
  • Norman Sadeh
    • 1
  • Lorrie Faith Cranor
    • 1
  1. 1.School of Computer ScienceCarnegie Mellon UniversityPittsburghUSA

Personalised recommendations