Capturing location-privacy preferences: quantifying accuracy and user-burden tradeoffs
- 754 Downloads
- 41 Citations
Abstract
We present a 3-week user study in which we tracked the locations of 27 subjects and asked them to rate when, where, and with whom they would have been comfortable sharing their locations. The results of analysis conducted on over 7,500 h of data suggest that the user population represented by our subjects has rich location-privacy preferences, with a number of critical dimensions, including time of day, day of week, and location. We describe a methodology for quantifying the effects, in terms of accuracy and amount of information shared, of privacy-setting types with differing levels of complexity (e.g., setting types that allow users to specify location- and/or time-based rules). Using the detailed preferences we collected, we identify the best possible policy (or collection of rules granting access to one’s location) for each subject and privacy-setting type. We measure the accuracy with which the resulting policies are able to capture our subjects’ preferences under a variety of assumptions about the sensitivity of the information and user-burden tolerance. One practical implication of our results is that today’s location-sharing applications may have failed to gain much traction due to their limited privacy settings, as they appear to be ineffective at capturing the preferences revealed by our study.
Keywords
Privacy and security Location sharing Usability Mobile and pervasive computingNotes
Acknowledgments
This work has been supported by a Siebel Scholarship and NSF grants CNS-0627513, CNS-0905562, CNS-1012763. This research was also supported by CyLab at Carnegie Mellon under grants DAAD19-02-1-0389 and W911NF-09-1-0273 from the Army Research Office. Additional support has been provided by Nokia, France Telecom, Google, and the CMU/Portugal Information and Communication Technologies Institute. The authors would also like to thank Paul Hankes-Drielsma, Janice Tsai, Tuomas Sandholm, Lucian Cesca, Jialiu Lin, Tony Poor, Eran Toch, Kami Vaniea, and Jianwei Niu for their assistance with our study.
References
- 1.Barkhuus L, Brown B, Bell M, Hall M, Sherwood S, Chalmers M (2008) From awareness to repartee: sharing location within social groups. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
- 2.Barkhuus L, Dey A (2003) Location-based services for mobile telephony: a study of users’ privacy concerns. In: Proceedings of the international conference on human-computer interaction (INTERACT)Google Scholar
- 3.Benisch M, Sadeh N, Sandholm T (2008) A theory of expressiveness in mechanisms. In: Proceedings of the national conference on artificial intelligence (AAAI)Google Scholar
- 4.Benisch M, Sadeh N, Sandholm T (2009) Methodology for designing reasonably expressive mechanisms with application to ad auctions. In: Proceedings of the international joint conference on artificial intelligence (IJCAI)Google Scholar
- 5.Burghardt T, Buchmann E, Müller J, Böhm K (2009) Understanding user preferences and awareness: privacy mechanisms in location-based services. In: Proceedings of the onthemove conferences (OTM)Google Scholar
- 6.Connelly K, Khalil A, Liu Y (2007) Do I do what I say? Observed versus stated privacy preferences. In: Proceedings of the international conference on human-computer interaction (INTERACT)Google Scholar
- 7.Consolovo S, Smith I, Matthews T, LaMarca A, Tabert J, Powledge P (2005) Location disclosure to social relations: why, when, and what people want to share. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
- 8.Cornwell J, Fette I, Hsieh G, Prabaker M, Rao J, Tang K, Vaniea K, Bauer L, Cranor L, Hong J, McLaren B, Reiter M, Sadeh N (2007) User-controllable security and privacy for pervasive computing. In: Proceedings of the workshop on mobile computing systems and applicationsGoogle Scholar
- 9.Gonzalez MC, Hidalgo CA, Barabasi A-L (2008) Understanding individual human mobility patterns. Nature 453(7196):779–782Google Scholar
- 10.K Group (2009) BIA’s The Kelsey Group Forecasts U.S. mobile local search advertising revenues to reach $1.3B in 2013. http://www.kelseygroup.com/press
- 11.Hightower J, LaMarca A, Smith IE (2006) Practical lessons from place lab. IEEE Pervasive Comput 5(3):32–39CrossRefGoogle Scholar
- 12.Huang S, Proulx F, Ratti C (2007) iFIND: a Peer-to-Peer application for real-time location monitoring on the MIT campus. In: International conference on computers in urban planning and urban management (CUPUM)Google Scholar
- 13.Iachello G, Smith I, Consolovo S, Abowd G, Hughes J, Howard J, Potter F, Scott J, Sohn T, Hightower J, LaMarca A (2005) Control, deception, and communication: evaluating the deployment of a location-enhanced messaging service. In: Proceedings of the international conference on ubiquitous computing (UbiComp)Google Scholar
- 14.Kelley PG, Benisch M, Sadeh N, Cranor LF (2010) When are users comfortable sharing locations with advertisers? Technical Report CMU-ISR-10-126, Carnegie Mellon UniversityGoogle Scholar
- 15.Lederer S, Mankoff J, Dey AK (2003) Who wants to know what when? Privacy preference determinants in ubiquitous computing. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
- 16.Mazurek M, Arsenault J, Bresee J, Gupta N, Ion I, Johns C, Lee D, Liang Y, Olsen J, Salmon B, Shay R, Vaniea K, Bauer L, Cranor L, Ganger G, Reiter M (2010) Access control for home data sharing: attitudes, needs and practices. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
- 17.Miller CC, Wortham J (2010) Technology aside, most people still decline to be located. http://www.nytimes.com/2010/08/30/technology/30location.html
- 18.Patil S, Lai J (2005) Who gets to know what when: configuring privacy permissions in an awareness application. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
- 19.Sadeh N, Gandon F, Kwon OB (2006) Ambient intelligence: the MyCampus experience. In: Vasilakos T, Pedrycz W (eds) Ambient intelligence and pervasive computing. ArTech House, NorwoodGoogle Scholar
- 20.Sadeh N, Hong J, Cranor L, Fette I, Kelley P, Prabaker M, Rao J (2009) Understanding and capturing people’s privacy policies in a mobile social networking application. J Pers Ubiquit Comput 13(6):401–412CrossRefGoogle Scholar
- 21.Simon HA (1957) Models of man. Wiley, New YorkGoogle Scholar
- 22.Smith I, Consolovo S, LaMarca A, Hightower J, Scott J, Sohn T, Hughes J, Iachello G, Abowd G (2005) Social disclosure of place: from location technology to communication practices. In: Lecture notes in computer science: pervasive computing, pp 134–151Google Scholar
- 23.Toch E, Cranshaw J, Drielsma PH, Tsai JY, Kelley PG, Springfield J, Cranor L, Hong J, Sadeh N (2010) Empirical models of privacy in location sharing. In: International conference on Ubiquitous Computing (UbiComp), Copenhagen, DenmarkGoogle Scholar
- 24.Tsai J, Kelley P, Cranor L, Sadeh N (2009) Location-sharing technologies: privacy risks and controls. In: Research conference on communication, information and internet policy (TPRC)Google Scholar
- 25.Tsai J, Kelley P, Drielsma PH, Cranor LF, Hong J, Sadeh N (2009) Who’s viewed you? The impact of feedback in a mobile-location system. In: Proceedings of the conference on human factors in computing systems (CHI)Google Scholar
- 26.Wang Y, Lin J, Annavaram M, Jacobson QA, Hong J, Krishnamachari B, Sadeh N (2009) A framework of energy efficient mobile sensing for automatic user state recognition. In: International conference on mobile systems, applications, and services (MobiSys)Google Scholar
- 27.Want R, Falcão V, Gibbons J (1992) The active badge location system. ACM Trans Inf Syst 10:91–102CrossRefGoogle Scholar