Sharing Information with Web Services – A Mental Model Approach in the Context of Optional Information

  • Oksana Kulyk
  • Benjamin Maximilian Reinheimer
  • Melanie Volkamer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10292)


Web forms are a common way for web service providers to collect data from their users. Usually, the users are asked for a lot of information while some items are labeled as optional and others as mandatory. When filling in the web form, users have to decide, which data, often of personal and sensitive nature, they want to share. The factors that influence the decision whether or not to share some information has been studied in the literature in various contexts. However, it is unclear to which extent their results can be transferred to other contexts. In this work we conduct a qualitative user study to verify, whether the reasons for sharing optional information from previous studies [12] are relevant for the context of interacting with a commercial website. We found, that only a few of them were named by the participants of our study.


Web forms Optional fields Mental models Interviews 



This work has been co-funded by the DFG as part of project D.1 within the RTG 2050 “Privacy and Trust for Mobile Users”. This research has also received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 653454. It has also been supported by the German Federal Ministry of Education and Research (BMBF) as well as by the Hessen State Ministry for Higher Education, Research and the Arts within CRISP.


  1. 1.
    Ackerman, M.S., Cranor, L.F., Reagle, J.: Privacy in e-commerce: examining user scenarios and privacy preferences. In: 1st ACM Conference on Electronic Commerce, pp. 1–8. ACM (1999)Google Scholar
  2. 2.
    Adams, A., Sasse, M.A.: Privacy in multimedia communications: protecting users, not just data. In: Blandford, A., Vanderdonckt, J., Gray, P. (eds.) People and Computers XV - Interaction Without Frontiers, pp. 49–64. Springer, London (2001)CrossRefGoogle Scholar
  3. 3.
    Alkaldi, N., Renaud, K.: Why do people adopt, or reject, smartphone password managers? In: EuroUSEC 2016: European Workshop on Usable Security, vol. 18, pp. 1–14 (2016)Google Scholar
  4. 4.
    Böhme, R., Pötzsch, S.: Collective exposure: peer effects in voluntary disclosure of personal data. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 1–15. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-27576-0_1 CrossRefGoogle Scholar
  5. 5.
    Egelman, S., Peer, E.: Predicting privacy and security attitudes. ACM SIGCAS Comput. Soc. 45(1), 22–28 (2015)CrossRefGoogle Scholar
  6. 6.
    Knijnenburg, B.P., Kobsa, A., Jin, H.: Counteracting the negative effect of form auto-completion on the privacy calculus. In: ICIS 2013: International Conference on Information Systems. AIS eLibrary (2013)Google Scholar
  7. 7.
    Korff, S., Böhme, R.: Too much choice: end-user privacy decisions in the context of choice proliferation. In: SOUpPS 2014: Symposium on Usable Privacy and Security, pp. 69–87. USENIX (2014)Google Scholar
  8. 8.
    Krämer, N.C., Haferkamp, N.: Online self-presentation: balancing privacy concerns and impression construction on social networking sites. In: Trepte, S., Reinecke, L. (eds.) Privacy Online, pp. 127–141. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
    Krol, K., Preibusch, S.: Control versus effort in privacy warnings for webforms. In: WPES 2016: ACM on Workshop on Privacy in the Electronic Society, pp. 13–23. ACM (2016)Google Scholar
  10. 10.
    Kulyk, O., Gerber, P., El Hanafi, M., Reinheimer, B., Renaud, K., Volkamer, M.: Encouraging privacy-aware smartphone app. installation: what would the technically-adept do. In: USEC 2016: Usable Security Workshop. Internet Society (2016)Google Scholar
  11. 11.
    Malheiros, M., Preibusch, S., Sasse, M.A.: “Fairly truthful”: the impact of perceived effort, fairness, relevance, and sensitivity on personal data disclosure. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds.) Trust 2013. LNCS, vol. 7904, pp. 250–266. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38908-5_19 CrossRefGoogle Scholar
  12. 12.
    Preibusch, S., Krol, K., Beresford, A.R.: The privacy economics of voluntary over-disclosure in web forms. In: Böhme, R. (ed.) The Economics of Information Security and Privacy, pp. 183–209. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  13. 13.
    Renaud, K., Volkamer, M., Renkema-Padmos, A.: Why doesn’t jane protect her privacy? In: Cristofaro, E., Murdoch, S.J. (eds.) PETS 2014. LNCS, vol. 8555, pp. 244–262. Springer, Cham (2014). doi: 10.1007/978-3-319-08506-7_13 Google Scholar
  14. 14.
    The European Parliament and of the Council of European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (2016),, last accessed on 10.02.2017
  15. 15.
    Volkamer, M., Renaud, K.: Mental models – general introduction and review of their application to human-centred security. In: Fischlin, M., Katzenbeisser, S. (eds.) Number Theory and Cryptography. LNCS, vol. 8260, pp. 255–280. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42001-6_18 Google Scholar
  16. 16.
    Volkamer, M., Renaud, K., Kulyk, O., Emeröz, S.: A socio-technical investigation into smartphone security. In: Foresti, S. (ed.) STM 2015. LNCS, vol. 9331, pp. 265–273. Springer, Cham (2015). doi: 10.1007/978-3-319-24858-5_17 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Oksana Kulyk
    • 2
  • Benjamin Maximilian Reinheimer
    • 2
  • Melanie Volkamer
    • 1
    • 2
  1. 1.Karlstad UniversityKarlstadSweden
  2. 2.Technische Universität DarmstadtDarmstadtGermany

Personalised recommendations