Power Strips, Prophylactics, and Privacy, Oh My! Julia Gideon, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti
Privacy Good! • Users claim to value privacy • More and more are concerned • Top concerns • Insecure transactions • Data sharing • Theft of data • Lost revenue • By 2006, $24.5B lost (Juniper Research, 2002) • More online shopping with privacy guarantees
Privacy Policies • Users like notices • In theory… • Rapid adoption • Problems • Comprehension • Hard to find • Lengthy • Subject to change without notice • There must be a better way!
Platform for Privacy Preferences Project (P3P) • Developed by the World Wide Web Consortium (W3C) http://www.w3.org/p3p/ • Final P3P1.0 Recommendation issued 16 April 2002 • Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format • Can be deployed using existing web servers • Enables the development of tools (built into browsers or separate applications) that • Summarize privacy policies • Compare policies with user preferences • Alert and advise users • P3P support built into IE6 and Netscape 7
Privacy Bird • Free download of beta from http://privacybird.com/ • Originally developed at AT&T Labs • Released as open source • “Browser helper object” for IE6 • Reads P3P policies at all P3P-enabled sites automatically • Bird icon at top of browser window indicates whether site matches user’s privacy preferences • Clicking on bird icon gives more information
Privacy Finder • Prototype developed at AT&T Labs, improved and deployed by CUPS • Multiple search APIs • Locates P3P policies • Compares with user’s preferences • Reorders annotated search results • Users can retrieve “Privacy Report” similar to Privacy Bird policy summary
But Is It Useful? • Do users care about web site privacy? • Have enough web sites adopted P3P that typical search results contain sites with P3P policies? • Do users have meaningful choices among privacy policies? • Do users understand information provided by Privacy Finder? • Does Privacy Finder influence online purchasing decisions?
Let’s Find Out! • Observe purchase decisions • Surveys • 5-point Likert • Between groups • 24 participants • “Shopping Finder” • Static pages • Multiple products • No price incentive • Shipping option
Privacy Preferences • Data sharing • Financial (100% opposed) • Medical (92% opposed) • Non-personal information (33% opposed) • Opt-out (96% opposed) • Access (96% favor) • Marketing • Telephone (92% opposed) • Email/Postal (88% opposed)
Medium Preference Level • Warn when… • Site collects health or medical information for analysis or marketing. • Site shares health or medical information with others. • Site shares financial information with others. • Site does not allow me to opt-out from marketing lists. • Site shares personally identifiable information with others. • Site does not allow me to see the information collected on me. • But do their actions follow?
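To make the comparison step concrete, here is an added example (not code from Privacy Bird, Privacy Finder or the slides) that checks a P3P 1.0 policy against the "Medium" warn conditions above. The sample policy is constructed, and the mapping from each warn condition to P3P purposes, recipients and categories is a simplifying assumption, as is the green/red result.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not from a real site), using P3P 1.0 element names.
SAMPLE_POLICY = """<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="sample">
  <ACCESS><none/></ACCESS>
  <STATEMENT>
    <PURPOSE><current/><contact required="always"/></PURPOSE>
    <RECIPIENT><ours/><unrelated/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#dynamic.miscdata"><CATEGORIES><financial/></CATEGORIES></DATA>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>"""

# Assumed mapping of the slide's wording onto P3P vocabulary.
SHARED = {"same", "other-recipient", "unrelated", "public"}
MARKETING = {"contact", "telemarketing"}
ANALYSIS = {"pseudo-analysis", "pseudo-decision", "individual-analysis", "individual-decision"}

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # element name without its XML namespace

def children(parent, name):
    """Map child name -> element for every <name> section inside parent."""
    return {local(c): c for sec in parent.iter() if local(sec) == name for c in sec}

def evaluate(policy_xml):
    """Return the warnings a policy triggers under the simplified rules."""
    root = ET.fromstring(policy_xml)
    warn = set()
    if "none" in children(root, "ACCESS"):
        warn.add("no access to collected information")
    for st in (e for e in root.iter() if local(e) == "STATEMENT"):
        purposes = children(st, "PURPOSE")
        shared = children(st, "RECIPIENT").keys() & SHARED
        # Only explicit CATEGORIES are read; base-schema categories are not resolved.
        cats = children(st, "CATEGORIES").keys()
        if "health" in cats and purposes.keys() & (ANALYSIS | MARKETING):
            warn.add("health data used for analysis or marketing")
        warn |= {f"{c} data shared" for c in ("health", "financial") if shared and c in cats}
        if shared and not any(local(e) == "NON-IDENTIFIABLE" for e in st):
            warn.add("identifiable data shared")
        # P3P treats a purpose without a "required" attribute as required="always".
        if any(purposes[p].get("required", "always") == "always"
               for p in purposes.keys() & MARKETING):
            warn.add("no opt-out from marketing")
    return warn

def bird(policy_xml):  # red if anything warns (sites without P3P are out of scope)
    return "red" if evaluate(policy_xml) else "green"
```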
Results • …not really
Results • Acting on privacy concerns • Privacy Finder helps • Green bird purchases • Condoms • Experimental: 8/12 • Control: 2/12 • Power strips • Experimental: 4/12 • Control: 1/12 • Red bird purchases • Condoms • Experimental: 1/12 • Control: 7/12 • Power strips • Experimental: 2/12 • Control: 2/12
Results • Product privacy concerns • Condoms (p < 0.025) • Power strips (not significant) • Price *may* matter • Lower prices in control group • Condoms: $13.96 vs. $12.63 • Power strips: $17.04 vs. $16.47
Exit Survey • More concerns with condoms (p < 0.008) • Discreet packaging • Credit statement • Order history • Group differences • Data security (experimental: 50%, control: 0) • Misunderstood symbols • 50% thought green bird means encryption • Experimental concerns addressed by P3P • 90% said bird influenced decision
Privacy Information • Privacy Reports • Four read them • Four could not find them • Three were not interested • Privacy Policies • One third read them • Two read Privacy Report but not policy • Trusted Privacy Finder • Birds • Five avoided red birds • False trust
Limitations & Future Work • More control needed • Evenly distributed birds • Trust icons for both groups • Click logs • Price information • Incentives • Result order • Trust icon • Boxes vs. birds
Privacy Finder http://search.privacybird.com/
CMU Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/