norman sadeh's presentation
DESCRIPTION
TRANSCRIPT
Norman M. SadehProfessor, Carnegie Mellon University
Chief Scientist, Zipano Technologies, Inc.
Privacy, Location and Social Privacy, Location and Social NetworkingNetworking
Copyright © 2007-2011 Norman M. Sadeh
Can We Reconcile Social Networking
and Privacy?
Copyright © 2007-2011 Norman M. Sadeh
“You Can’t Argue With Success”
Soon 600M Facebook Users
Perhaps privacy doesn’t
matter?
Copyright © 2007-2011 Norman M. Sadeh
Even Facebook Doesn’t Think That
“The debate about privacy is really a debate about control…By giving people that control, we enable them to share more stuff.”
Mark Zuckerberg, founder of Facebook
Copyright © 2007-2011 Norman M. Sadeh
Yet Despite 170 Privacy Settings…
What Is Going On?
Copyright © 2007-2011 Norman M. Sadeh September 2010 - Slide 7
Locaccino
Gives us access to detailed usage data
Allows us to experiment with different technologies
Over tens of thousands of downloads over the past 2 years (> 130 countries)
Departs from commercial apps: Expressive privacy settings Auditing functionality
Android Market, Nokia Ovi store, iPhone client, laptop clients
www.locaccino.org
Copyright © 2007-2011 Norman M. Sadeh
Can You Find a Good Default Policy?
Green: Share
Red: Don’t•Location sharing preferences with CMU campus community•Sample of 30 users•Red: Don’t Disclose•Green: Disclose
Copyright © 2007-2011 Norman M. Sadeh
The Problem with Default Settings
People tend not to modify their default settings
…Too often Facebook & Co. would like us to start as if we were all “green”
Copyright © 2007-2011 Norman M. Sadeh
…Rich Preferences…
Loopt & Latitude: Failure due to conservative defaults & restrictive settings (“white lists”)
Copyright © 2007-2011 Norman M. Sadeh
Here’s the Real Kicker!
More than 2x the sharing with Facebook Friends!2.5 x times the sharing with advertisers!!
Users just err on the safe side in setting up their preferences
…But How Do You Achieve This?
Copyright © 2007-2011 Norman M. Sadeh
…Canonical Privacy Personas
Copyright © 2007-2011 Norman M. Sadeh 14
Pittsburgh, PA
Shopping and Shopping and DiningDiningShopping and Shopping and DiningDining
UniversityUniversityUniversityUniversity
ResidentialResidentialResidentialResidential
Location Entropy
Copyright © 2007-2011 Norman M. Sadeh 15
Intrinsic Privacy Preferences
Users are more comfortable sharing locations with high entropy
Copyright © 2007-2011 Norman M. Sadeh
Auditing Functionality
Copyright © 2007-2011 Norman M. Sadeh
Impact of Auditing
Auditing No Auditing
Average: 122 hr/week
Average: 101 hr/week
Copyright © 2007-2011 Norman M. Sadeh
Possiblenew rule
Possible rule modification
Engaging Users with Suggestions (patent pending)
Mon Tue Wed Thu Fri Sat Sun
Colleagues
Spouse
FriendsJohnMikeSteveDavePat
HelenChuckMike
Sue
Possiblenew group
Legend: Access granted Suggested Rule Change
Audited Request Audit says Deny Access Audit says Grant Access
Copyright © 2007-2011 Norman M. Sadeh
Not really…
…but we need to help users find their comfort level rather than push aggressive default settings on them
Understandable personas
Auditing
Dialogues & suggestions
So…Are They Irreconcilable?
Copyright © 2007-2011 Norman M. Sadeh
Minimize future “regret”
Use preferences of like-minded users who have been using the app for 6 months to:
Suggest starting preferences
Help users refine their preferences
…Or Even Nudging Users….
Copyright © 2007-2011 Norman M. Sadeh
Moving Away from “Disclose” vs. “Do Not Disclose”
“I’m shopping”, “I’m out of town”, …
September 2010 - Slide 21
Functional (F) Business name (B)
Hybrid (H)
State (1) City (2)Region/
Neighborhood(3)Street/
Intersection (4)
Semantic (S) Geographic (G)
Place Names
Personal (P) Address (A) Landmark (L)
House/Builing (5)
Floor/Room (6)
Top Level
Sub Classes
GRANULARITY
Hybrid(6.0%)
(a)
(b)
Hybrid 6.0%
(c)
Copyright © 2007-2011 Norman M. Sadeh
So Is There Room for Innovation?
We just discussed location
Mobile & social networking: wide range of contextual attributes, apps and services
Ultimately, we will need privacy agents to assist us
Intelligent and capable of asking users just the right questions at the right time
September 2010 - Slide 22
www.locaccino.com
Locaccino: A First Success Story
Copyright © 2007-2011 Norman M. Sadeh
Q&AResearch at the Mobile Commerce Lab is funded by the US National Science Foundation, the US Army Research Office, CMU CyLab, Microsoft, Google, Nokia, France Telecom, and ICTI
The User-Controllable Privacy Platform on top of which Locaccino
is built is now commercialized by Zipano Technologies.
Copyright © 2007-2011 Norman M. Sadeh
Relevant Publications - I Norman Sadeh, Jason Hong, Lorrie Cranor, Ian Fette, Patrick Kelley, Madhu Prabaker, and
Jinghai Rao. Understanding and Capturing People’s Privacy Policies in a Mobile Social Networking Application Journal of Personal and Ubiquitous Computing 2009.
Ramprasad Ravichandran, Michael Benisch, Patrick Gage Kelley, and Norman M. Sadeh. Capturing Social Networking Privacy Preferences: Can Default Policies Help Alleviate Tradeoffs between Expressiveness and User Burden? PETS ’09.
Janice Tsai, Patrick Kelley, Paul Hankes Drielsma, Lorrie Cranor, Jason Hong, and Norman Sadeh.Who’s Viewed You? The Impact of Feedback in a Mobile-location System. CHI ’09.
Patrick Kelley, Paul Hankes Drielsma, Norman Sadeh, Lorrie Cranor. User Controllable Learning of Security and Privacy Policies. AISec 2008.
Michael Benisch, Patrick Gage Kelley, Norman Sadeh, Lorrie Faith Cranor. Capturing Location Privacy Preferences: Quantifying Accuracy and User Burden Tradeoffs. CMU-ISR Tech Report 10-105, March 2010. Accepted for publication in Journal of Personal and Ubiquitous Computing
Michael Benisch, Patrick Gage Kelley, Norman Sadeh, Lorrie Faith Cranor, Capturing Location-Privacy Preferences: Quantifying Accuracy and User-Burden Tradeoffs. CMU-ISR Tech Report 10-105, March 2010
Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, and Norman Sadeh. User-Controllable Security and Privacy for Pervasive Computing. The 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2007). 2007.
Norman Sadeh, Fabien Gandon and Oh Buyng Kwon. Ambient Intelligence: The MyCampus Experience School of Computer Science, Carnegie Mellon University, Technical Report CMU-ISRI-05-123, July 2005.
Copyright © 2007-2011 Norman M. Sadeh
Relevant Publications - II P. Gage Kelley, M. Benisch, L. Cranor and N. Sadeh, “When Are Users Comfortable
Sharing Locations with Advertisers”, in Proceedings of the 29th annual SIGCHI Conference on Human Factors in Computing Systems, CHI2011, May 2011. Also available as CMU School of Computer Science Technical Report, CMU-ISR-10-126 and CMU CyLab Tech Report CMU-CyLab-10-017.
J. Cranshaw, E. Toch, J. Hong, A. Kittur, N. Sadeh, "Bridging the Gap Between Physical Location and Online Social Networks", in Proceedings of the Twelfth International Conference on Ubiquitous Computing. Ubicomp 2010
E. Toch, J. Cranshaw, P.H. Drielsma, J. Y. Tsai, P. G. Kelley, L. Cranor, J. Hong, N. Sadeh, "Empirical Models of Privacy in Location Sharing", in Proceedings of the Twelfth International Conference on Ubiquitous Computing. Ubicomp 2010
Jialiu Lin, Guang Xiang, Jason I. Hong, and Norman Sadeh, "Modeling People’s Place Naming Preferences in Location Sharing", Proc. of the 12th ACM International Conference on Ubiquitous Computing, Copenhagen, Denmark, Sept 26-29, 2010.
Karen Tang, Jialiu Lin, Jason Hong, Norman Sadeh, Rethinking Location Sharing: Exploring the Implications of Social-Driven vs. Purpose-Driven Location Sharing. Proc. of the 12th ACM International Conference on Ubiquitous Computing, Copenhagen, Denmark, Sept 26-29, 2010.
Copyright © 2007-2011 Norman M. Sadeh
Some Press Coverage
September 2010 - Slide 27
Startup Zipano sells privacy software to control
who can find you, Pittsburgh Post Gazette
“As Location-Sharing Services Grow, Privacy
Concerns Do Too”, Wall Street Journal
“The Mobile Net: Why to Worry about Privacy
Regs”, Business Week
“Now You Can Track Colleages and Students on
Your Laptop”, Chronicle of Higher Education