Information Disclosure Profiles

for Segmentation and Recommendation !

Bart Knijnenburg, UC Irvine www.usabart.nl

@usabart

Outline

We need a new approach to (online) privacyMoving beyond the one-size-fits-all approach

Privacy segmentation: a practical primerHow to create disclosure dimensions and privacy profiles

Towards user-tailored privacy decision supportThe privacy adaptation procedure

HUP HOLLAND HUP!

Privacy CalculusTransparency and control are meant to empower users to regulate their privacy at the desired level, but:– Simple notices aren’t useful, but detailed ones are too complex

EULA versus smoking warning labels; Coventry et al.

– Informing users about privacy makes them more wary about it accessibility of attitudes; Coopamootoo & Groß

– User claim they want full control, but eschew the hassle of exploiting it

as mentioned by Coppens et al.

– Users’ decisions fall prey to numerous decision biases as mentioned by Coopamootoo & Groß

Privacy Calculus

Most systems are much too complex– Facebook’s privacy

controls are “Labyrinthian” – Its privacy policy is longer

than the US constitution

Privacy Calculus

Most systems are much too complex– Facebook’s privacy

controls are “Labyrinthian” – Its privacy policy is longer

than the US constitution

Privacy Calculus

Many users lack the resources needed to navigate the complex privacy landscape

cf. “knowledge gaps”; Urban & Hoofnagle, Kraus et al.

Conclusion: Transparency and control do not work– “a red herring”; Barocas & Nissenbaum 2009 – “paradigm has failed”; Nissenbaum 2011 – “fail to provide people with meaningful control”; Solove 2013

Privacy NudgesSubtle yet persuasive cues…

(e.g. justifications, defaults)

…that create a choice architecture…

…that encourages wanted behavior and inhibits unwanted behavior

Privacy NudgesFor disclosure, what is the right direction of a nudge?– Less disclosure = less threat, but harder to enjoy the

benefits – More disclosure = more benefits, but some may feel threat – Going for the average (e.g. “smart default”, Smith et al.

2013): impossible, because people vary too much

Solution: move beyond the one-size-fits-all approach!

Beyond One-Size-Fits-All

My idea: give people privacy recommendations“Figure out what people want, then help them do that.”

First step: find determinants of privacy decisions– Characteristics of the user – What information is being requested – The recipient of the information

Privacy Segmentation

Knijnenburg, Kobsa, and Jin. “Dimensionality of Information Disclosure Behavior”

In: IJHCS 71(12) 2013

http://bit.ly/privdim

Privacy SegmentationDisclosure behaviors are multidimensional

Different people have different tendencies to disclose different types of information

as mentioned by Preibusch

Not one “disclosure tendency”, but several!

There exist distinct groups of people with different disclosure profiles

Groups of people with similar tendencies

Privacy Segmentation

Privacy groups, that sounds familiar...Privacy fundamentalists, pragmatists, and unconcerned

Westin et al., 1981; Harris et al., 2003

Ours is different: – Based on behavior rather than attitudes – Not just a difference in degree, but a difference in kind

Methodology

Step 4Step 3

Step 2Step 1

I1 I2 I3 I4 I5 I6 I7 I8 I9 I10

f1 f2 f2 ?

I2 I3 I4 I6 I7 I8 I9

f1 f2

I5 I10I1

I2 I3 I4 I6 I7 I8 I9

f1 f2

c

I2 I3 I4 I6 I7 I8 I9

ccompare

2 classes? 3 classes? 4 classes?

Step 5

I2 I3 I4 I6 I7 I8 I9

f1 f2

fa fbStep 6

I2 I3 I4 I6 I7 I8 I9

f1 f2

cfa fb

Methodology

Step 4Step 3

Step 2Step 1

I1 I2 I3 I4 I5 I6 I7 I8 I9 I10

f1 f2 f2 ?

I2 I3 I4 I6 I7 I8 I9

f1 f2

I5 I10I1

I2 I3 I4 I6 I7 I8 I9

f1 f2

c

I2 I3 I4 I6 I7 I8 I9

ccompare

2 classes? 3 classes? 4 classes?

Step 5

I2 I3 I4 I6 I7 I8 I9

f1 f2

fa fbStep 6

I2 I3 I4 I6 I7 I8 I9

f1 f2

cfa fb

Exploratory Factor Analysis !

How many dimensions are there?

Confirmatory Factor Analysis !

What is the correct dimensional structure?

Mixture Factor Analysis !

What are the privacy profiles, given these dimensions?

Latent Class Analysis !

Do the profiles replicate without these dimensions?

Structural Equation Modeling !

What predicts different types of disclosure?

CFA with covariates (MIMIC) !

Do the profiles differ on these predictors?

Dataset 2: DimensionsType of data ID Items

Facebook activity

1 Wall2 Status updates3 Shared links4 Notes5 Photos

Location6 Hometown7 Location (city)8 Location (state/province)

Contact info9 Residence (street address)11 Phone number12 Email address

Life/interests13 Religious views14 Interests (favorite movies, etc.)15 Facebook groups

“What?” =

Four dimensions

159 pps tend to share little information overall (LowD) 26 pps tend to share activities and interests (Act+IntD) 50 pps tend to share location and interests (Loc+IntD) 65 pps tend to share everything but contact info (Hi-ConD) 59 pps tend to share everything

“Who?” =

Five disclosure

profiles

Dataset 2: Profiles

Dataset 2: Predictors

Privacy Recommendation

My idea: a privacy adaptation procedure:

First step: Predict users’ behaviorsBased on users’ privacy profile, type of info, recipient, etc.

Second step: Provide tailored supportSmart/adaptive defaults

See http://bit.ly/decisions2013

Privacy RecommendationExample: user X – Classification: user has profile that is okay with Location and

Interests but not Activity and Contact Info – Tailored support: restrict the audience of her posts (activity) by

default, but reveal her current city (location) in her public profile

Example: user Y– Classification: user has profile that is okay with Activity and

Interests but not Location and Contact Info – Tailored support: disclose posts publicly by default (activity),

but refrain from geo-tagging them (location)

Privacy RecommendationDetermine the item-. user-, and recipient-type Select the defaults and justifications that fit best for this context

pshare = f(tu(user),ti(item),tr(recipient))

OU

TPUTIN

PUT

{user, item, recipient} {defaults, justifications}

Privacy Recommendation

The privacy adaptation procedure:– Relieves some of the burden of controlling privacy, while at

the same time respecting each individual’s preferences – Refrains from making moral judgments about what the

“right” level of privacy should be

The best way forward to support people’s privacy decisions!