Presence, Privacy and Service Personalization
CFP PrivSec WG Launch – August 19, 2005
Edward Mitukiewicz, France Telecom (RD/ILAB/BOS)
Outline
• Assorted musings to facilitate future CFP PrivSec WG discussions
• Focused on the complexities of managing privacy-aware presence
• Limited to a few illustrative examples based on some lessons from a particular prototyping project and ideas from recently published research papers
• …NOT an attempt to
  • Develop a general problem statement and/or comprehensive issue list (albeit doing this and/or describing the current landscape seems to be a good idea!)
  • Consider broader topics of trust/identity management – e.g., in the context of collecting, mining, distributing and protecting sensitive personal data
Privacy Management: Current Practices
• Multiple, uncoordinated control points – difficult to manage
  • Call handling preferences – call waiting: divert or accept
  • Messaging-specific options – IM
  • Device controls – on/off, sounds/alerts
  • Control settings – preferences, cookies, tokens
• Integrated policy-based solutions – too complex for the user
  • Who do you want to communicate with, and under what circumstances?
  • How do you want to communicate, when and where?
  • What information should be shared with whom, under what circumstances?
  • Which policy should be activated when …
Personalization: Opportunities & Risks
• Users like service personalization, but want control over
  • What, how and when relevant data is collected, processed and published
  • How such data is used – e.g., ONLY to provide a better service
• Service providers recognize the “added value” potential of personalization – enabled by the availability of data on user interactions with services
  • Conversion of such data into usable information is difficult – e.g., integration of bits and pieces of data from multiple sources
  • Using that info to provide a better user experience usually requires
    • Compliance with the applicable regulations
    • User consent – often limited to a specific and context-dependent purpose
Presence and Privacy: See What?
• Value of presence grows with the richness and reliability of the available data (“see/be seen before you communicate”) – e.g., location, availability and communication preferences
• Information disclosure restrictions and preferences (e.g., “only to authorized parties and only the minimum required”) – considering
  • Granularity of the available data – access to all vs. certain subsets
  • Exact vs. “blurred” responses
  • Requestor-specific vs. “one-size-fits-all” responses
• Personalization requirements add more complexities …
User Location: Intel Study (CHI2005)
• Users tend to share their location info selectively
  • Users' decisions depended on who was requesting the location info, why the requester wanted it, and what level of detail would be most useful
  • Study participants were typically willing to disclose either the most useful detail or nothing about their location
• Privacy control becomes a critical issue in the development of location-aware communications
  • Users want to stay in control of their location information – the challenge is to enable them to do this effectively
  • Privacy management has to help users to disclose location in order to facilitate interpersonal interactions – without raising any fears of being monitored
Source: Intel Research – Consolvo et al. http://guir.berkeley.edu/pubs/chi2005/p486-consolvo.pdf
Privacy Preferences: More Studies
• People's willingness to share information seems to depend primarily on who they are sharing it with
  • The same privacy preferences are more likely to be applied to the same inquirer in different situations than to different inquirers in the same situation – this could help to reduce the underlying complexities and simplify the UI
• Clustering might help to specify and refine over time what users wish to share with whom in what situation
  • Information items AND people's views of others they wish to share certain types of information with tend to cluster into a manageable set of categories
Sources: UC Berkeley and UofMich/Microsoft Research
http://guir.berkeley.edu/pubs/chi2003/lederer-chi03.pdf
http://research.microsoft.com/~horvitz/privacy_CHI2005.pdf
Presence and Privacy: Illustrative Example
• Combining address book info with inferences – based on the user's location, calendar and “context-aware” privacy policies – could allow for some “see before you communicate” and “be seen” enhancements
• Although such presence-aware privacy controls might help users to decide if, when and how others can see their location and/or communicate, user interface complexity becomes a problem…
[Figure: “Friend Tracker” screenshot – “You are here” / “Your friends are there”]
Source:
Privacy Management: Design Pitfalls
• Obscuring potential or actual information flow
  • Users should understand the extent of a system's potential for disclosure – e.g., the privacy implications of Low vs. High settings? – AND what information is actually being disclosed to whom – e.g., browser cookies?
• Emphasizing configuration over action
  • Designs should not require excessive configuration to manage privacy!
• Lacking coarse-grained control
  • Designs should not forgo a top-level mechanism for halting/resuming disclosure – e.g., a simple mechanism for excluding the current purchase from a shopping profile
• Inhibiting existing practice
  • Designs should not inhibit users from transferring established social practice to emerging technologies – e.g., support for a social nuance: there could be value in keeping the caller ignorant of the reason for not answering the phone
Source: UCB – Scott Lederer et al. http://www.cs.cmu.edu/~jasonh/publications/puc2004-five-pitfalls.pdf
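As an added illustration (not from the deck or the cited studies) of the disclosure controls the “See What?”, “More Studies” and “Design Pitfalls” slides call for: a small presence-disclosure policy that answers each inquirer according to the category they are clustered into (exact, blurred, city-level, availability-only or nothing) and carries a top-level halt/resume switch for the coarse-grained control pitfall. All names, categories, granularity levels and the sample presence data are constructed for this example.

```python
from dataclasses import dataclass
# Disclosure granularity, most to least revealing (constructed for this example).
EXACT, BLURRED, CITY, AVAILABILITY_ONLY, NOTHING = (
    "exact", "blurred", "city", "availability", "nothing")

@dataclass
class Presence:
    lat: float
    lon: float
    city: str
    available: bool

@dataclass
class PresencePolicy:
    categories: dict        # inquirer -> category ("family", "colleague", ...)
    grants: dict            # category -> granularity level
    default: str = NOTHING  # unknown inquirers get the minimum: nothing
    disclosing: bool = True # top-level halt/resume switch

    def halt(self) -> None:
        self.disclosing = False

    def resume(self) -> None:
        self.disclosing = True

    def respond(self, requester: str, me: Presence) -> dict:
        """Return only the presence fields this requester may see."""
        if not self.disclosing:
            return {}
        level = self.grants.get(self.categories.get(requester), self.default)
        if level == NOTHING:
            return {}
        out = {"available": me.available}
        if level == EXACT:
            out["location"] = (me.lat, me.lon)
        elif level == BLURRED:
            # Two decimals is roughly a 1 km cell: be seen, but not exactly.
            out["location"] = (round(me.lat, 2), round(me.lon, 2))
        elif level == CITY:
            out["location"] = me.city
        return out

def demo() -> dict:
    """Constructed sample: one user, three inquirers, two categories granted."""
    me = Presence(48.8566, 2.3522, "Paris", True)
    policy = PresencePolicy(categories={"alice": "family", "bob": "colleague"},
                            grants={"family": EXACT, "colleague": BLURRED})
    return {who: policy.respond(who, me) for who in ("alice", "bob", "eve")}
```

The unknown inquirer "eve" falls through to the default and sees nothing, matching the "most useful detail or nothing" finding; halting disclosure overrides every grant without touching the per-category configuration.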