Default Privacy Setting Prediction by Grouping User’s Attributes and Settings Preferences

  • Toru Nakamura
  • Welderufael B. Tesfay
  • Shinsaku Kiyomoto
  • Jetzabel Serna
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10436)

Abstract

While user-centric privacy settings are important to protect the privacy of users, often users have difficulty changing the default ones. This is partly due to lack of awareness and partly attributed to the tediousness and complexities involved in understanding and changing privacy settings. In previous works, we proposed a mechanism for helping users set their default privacy settings at the time of registration to Internet services, by providing personalised privacy-by-default settings. This paper evolves and evaluates our privacy setting prediction engine, by taking into consideration users’ settings preferences and personal attributes (e.g. gender, age, and type of mobile phone). Results show that while models built on users’ privacy preferences have improved the accuracy of our scheme; grouping users by attributes does not make an impact in the accuracy. As a result, services potentially using our prediction engine, could minimize the collection of user attributes and based the prediction only on users’ privacy preferences.

Keywords

Privacy preference Privacy setting Machine learning 

Notes

Acknowledgment

This research work has been supported by JST CREST Grant Number JPMJCR1404, Japan.

References

  1. 1.
    Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Secur. Priv. 3(1), 26–33 (2005)CrossRefGoogle Scholar
  2. 2.
    Backes, M., Karjoth, G., Bagga, W., Schunter, M.: Efficient comparison of enterprise privacy policies. In: Proceedings of the 2004 ACM symposium on Applied computing, SAC 2004, pp. 375–382 (2004)Google Scholar
  3. 3.
    Bekara, K., Ben Mustapha, Y., Laurent, M.: XPACML extensible privacy access control markup langua. In: 2010 Second International Conference on Communications and Networking (ComNet), pp. 1–5 (2010)Google Scholar
  4. 4.
    Bell, G.: A personal digital store. Commun. ACM 44(1), 86–91 (2001). http://doi.acm.org/10.1145/357489.357513 CrossRefGoogle Scholar
  5. 5.
    Berendt, B., Günther, O., Spiekermann, S.: Privacy in e-commerce: Stated preferences vs. actual behavior. Commun. ACM 48(4), 101–106 (2005)CrossRefGoogle Scholar
  6. 6.
    Buffett, S., Fleming, M.W.: Applying a preference modeling structure to user privacy. In: Proceedings of the 1st International Workshop on Sustaining Privacy in Autonomous Collaborative Environments (2007)Google Scholar
  7. 7.
    Cranor, L.: P3P: making privacy policies more useful. IEEE Secur. Priv. 1(6), 50–55 (2003)CrossRefGoogle Scholar
  8. 8.
    Dehghantanha, A., Udzir, N., Mahmod, R.: Towards a pervasive formal privacy language. In: 2010 IEEE 24th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 1085–1091 (2010)Google Scholar
  9. 9.
    Fang, L., Kim, H., LeFevre, K., Tami, A.: A privacy recommendation wizard for users of social networking sites. In: Proceedings of the 17th ACM conference on Computer and communications security, pp. 630–632. ACM (2010)Google Scholar
  10. 10.
    Fang, L., LeFevre, K.: Privacy wizards for social networking sites. In: Proceedings of the 19th international conference on World wide web, pp. 351–360. ACM (2010)Google Scholar
  11. 11.
    Guo, S., Chen, K.: Mining privacy settings to find optimal privacy-utility tradeoffs for social network services. In: 2012 International Conference on Privacy, Security, Risk and Trust (PASSAT) and 2012 International Confernece on Social Computing (SocialCom), pp. 656–665 (2012)Google Scholar
  12. 12.
    Jensen, C., Potts, C., Jensen, C.: Privacy practices of internet users: self-reports versus observed behavior. Int. J. Hum.-Comput. Stud. 63(1–2), 203–227 (2005)CrossRefGoogle Scholar
  13. 13.
    Kelley, P.G., Hankes Drielsma, P., Sadeh, N., Cranor, L.F.: User-controllable learning of security and privacy policies. In: Proceedings of the 1st ACM workshop on Workshop on AISec, AISec 2008, pp. 11–18 (2008)Google Scholar
  14. 14.
    Kiyomoto, S., Nakamura, T., Takasaki, H., Watanabe, R., Miyake, Y.: PPM: privacy policy manager for personalized services. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES 2013. LNCS, vol. 8128, pp. 377–392. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40588-4_26 CrossRefGoogle Scholar
  15. 15.
    Madejski, M., Johnson, M., Bellovin, S.: A study of privacy settings errors in an online social network. In: 2012 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 340–345 (2012)Google Scholar
  16. 16.
    Mugan, J., Sharma, T., Sadeh, N.: Understandable learning of privacy preferences through default personas and suggestions (2011)Google Scholar
  17. 17.
    Nakamura, T., Kiyomoto, S., Tesfay, W.B., Serna, J.: Personalised privacy by default preferences - experiment and analysis. In: Proceedings of the 2nd International Conference on Information Systems Security and Privacy, ICISSP, vol. 1, pp. 53–62 (2016)Google Scholar
  18. 18.
    Pollach, I.: What’s wrong with online privacy policies? Commun. ACM 50(9), 103–108 (2007)CrossRefGoogle Scholar
  19. 19.
    Sadeh, N., Hong, J., Cranor, L., Fette, I., Kelley, P., Prabaker, M., Rao, J.: Understanding and capturing people’s privacy policies in a mobile social networking application. Pers. Ubiquit. Comput. 13(6), 401–412 (2009)CrossRefGoogle Scholar
  20. 20.
    Solove, D.J.: Privacy self-management and the consent paradox. In: Harvard Law Rev. 126 (2013)Google Scholar
  21. 21.
    Tondel, I., Nyre, A., Bernsmed, K.: Learning privacy preferences. In: 2011 Sixth International Conference on Availability, Reliability and Security (ARES), pp. 621–626 (2011)Google Scholar
  22. 22.
    Tøndel, I.A., Nyre, Å.A.: Towards a similarity metric for comparing machine-readable privacy policies. In: Camenisch, J., Kesdogan, D. (eds.) iNetSec 2011. LNCS, vol. 7039, pp. 89–103. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-27585-2_8 CrossRefGoogle Scholar
  23. 23.
    W3C: The platform for privacy preferences 1.0 (P3P1.0) specificati. In: Platform for Privacy Preferences (P3P) Project (2002)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Toru Nakamura
    • 1
  • Welderufael B. Tesfay
    • 2
  • Shinsaku Kiyomoto
    • 1
  • Jetzabel Serna
    • 2
  1. 1.KDDI Research, Inc.SaitamaJapan
  2. 2.Chair of Mobile Business and Multilateral SecurityGoethe University FrankfurtFrankfurt Am MainGermany

Personalised recommendations