-
A Closer Look at the Existing Risks of Generative AI: Mapping the Who, What, and How of Real-World Incidents
Authors:
Megan Li,
Wendy Bickersteth,
Ningjing Tang,
Jason Hong,
Lorrie Cranor,
Hong Shen,
Hoda Heidari
Abstract:
Due to its general-purpose nature, Generative AI is applied in an ever-growing set of domains and tasks, leading to an expanding set of risks of harm impacting people, communities, society, and the environment. These risks may arise due to failures during the design and development of the technology, as well as during its release, deployment, or downstream usages and appropriations of its outputs.…
▽ More
Due to its general-purpose nature, Generative AI is applied in an ever-growing set of domains and tasks, leading to an expanding set of risks of harm impacting people, communities, society, and the environment. These risks may arise due to failures during the design and development of the technology, as well as during its release, deployment, or downstream usages and appropriations of its outputs. In this paper, building on prior taxonomies of AI risks, harms, and failures, we construct a taxonomy specifically for Generative AI failures and map them to the harms they precipitate. Through a systematic analysis of 499 publicly reported incidents, we describe what harms are reported, how they arose, and who they impact. We report the prevalence of each type of harm, underlying failure mode, and harmed stakeholder, as well as their common co-occurrences. We find that most reported incidents are caused by use-related issues but bring harm to parties beyond the end user(s) of the Generative AI system at fault, and that the landscape of Generative AI harms is distinct from that of traditional AI. Our work offers actionable insights to policymakers, developers, and Generative AI users. In particular, we call for the prioritization of non-technical risk and harm mitigation strategies, including public disclosures and education and careful regulatory stances.
△ Less
Submitted 2 June, 2025; v1 submitted 28 May, 2025;
originally announced May 2025.
-
Design and Evaluation of Privacy-Preserving Protocols for Agent-Facilitated Mobile Money Services in Kenya
Authors:
Karen Sowon,
Collins W. Munyendo,
Lily Klucinec,
Eunice Maingi,
Gerald Suleh,
Lorrie Faith Cranor,
Giulia Fanti,
Conrad Tucker,
Assane Gueye
Abstract:
Mobile Money (MoMo), a technology that allows users to complete digital financial transactions using a mobile phone without requiring a bank account, has become a common method for processing financial transactions in Africa and other developing regions. Operationally, users can deposit (exchange cash for mobile money tokens) and withdraw with the help of human agents who facilitate a near end-to-…
▽ More
Mobile Money (MoMo), a technology that allows users to complete digital financial transactions using a mobile phone without requiring a bank account, has become a common method for processing financial transactions in Africa and other developing regions. Operationally, users can deposit (exchange cash for mobile money tokens) and withdraw with the help of human agents who facilitate a near end-to-end process from customer onboarding to authentication and recourse. During deposit and withdraw operations, know-your-customer (KYC) processes require agents to access and verify customer information such as name and ID number, which can introduce privacy and security risks. In this work, we design alternative protocols for mobile money deposits and withdrawals that protect users' privacy while enabling KYC checks. These workflows redirect the flow of sensitive information from the agent to the MoMo provider, thus allowing the agent to facilitate transactions without accessing a customer's personal information. We evaluate the usability and efficiency of our proposed protocols in a role play and semi-structured interview study with 32 users and 15 agents in Kenya. We find that users and agents both generally appear to prefer the new protocols, due in part to convenient and efficient verification using biometrics, better data privacy and access control, as well as better security mechanisms for delegated transactions. Our results also highlight some challenges and limitations that suggest the need for more work to build deployable solutions.
△ Less
Submitted 24 December, 2024;
originally announced December 2024.
-
Conference Submission and Review Policies to Foster Responsible Computing Research
Authors:
Lorrie Cranor,
Kim Hazelwood,
Daniel Lopresti,
Amanda Stent
Abstract:
This report by the CRA Working Group on Socially Responsible Computing outlines guidelines for ethical and responsible research practices in computing conferences. Key areas include avoiding harm, responsible vulnerability disclosure, ethics board review, obtaining consent, accurate reporting, managing financial conflicts of interest, and the use of generative AI. The report emphasizes the need fo…
▽ More
This report by the CRA Working Group on Socially Responsible Computing outlines guidelines for ethical and responsible research practices in computing conferences. Key areas include avoiding harm, responsible vulnerability disclosure, ethics board review, obtaining consent, accurate reporting, managing financial conflicts of interest, and the use of generative AI. The report emphasizes the need for conference organizers to adopt clear policies to ensure responsible computing research and publication, highlighting the evolving nature of these guidelines as understanding and practices in the field advance.
△ Less
Submitted 18 August, 2024;
originally announced August 2024.
-
Detection and Impact of Debit/Credit Card Fraud: Victims' Experiences
Authors:
Eman Alashwali,
Ragashree Mysuru Chandrashekar,
Mandy Lanyon,
Lorrie Faith Cranor
Abstract:
It might be intuitive to expect that small or reimbursed financial loss resulting from credit or debit card fraud would have low or no financial impact on victims. However, little is known about the extent to which financial fraud impacts victims psychologically, how victims detect the fraud, which detection methods are most efficient, and how the fraud detection and reporting processes can be imp…
▽ More
It might be intuitive to expect that small or reimbursed financial loss resulting from credit or debit card fraud would have low or no financial impact on victims. However, little is known about the extent to which financial fraud impacts victims psychologically, how victims detect the fraud, which detection methods are most efficient, and how the fraud detection and reporting processes can be improved. To answer these questions, we conducted a 150-participant survey of debit/credit card fraud victims in the US. Our results show that significantly more participants reported that they were impacted psychologically than financially. However, we found no relationship between the amount of direct financial loss and psychological impact, suggesting that people are at risk of being psychologically impacted regardless of the amount lost to fraud. Despite the fact that bank or card issuer notifications were related to faster detection of fraud, more participants reported detecting the fraud after reviewing their card or account statements rather than from notifications. This suggests that notifications may be underutilized. Finally, we provide a set of recommendations distilled from victims' experiences to improve the debit/credit card fraud detection and reporting processes.
△ Less
Submitted 15 August, 2024;
originally announced August 2024.
-
Recruiting Teenage Participants for an Online Security Experiment: A Case Study Using Peachjar
Authors:
Elijah Bouma-Sims,
Lily Klucinec,
Mandy Lanyon,
Lorrie Faith Cranor,
Julie Downs
Abstract:
The recruitment of teenagers for usable privacy and security research is challenging, but essential. This case study presents our experience using the online flier distribution service Peachjar to recruit minor teenagers for an online security experiment. By distributing fliers to 90 K-12 schools, we recruited a diverse sample of 55 participants at an estimated cost per participant of $43.18. We d…
▽ More
The recruitment of teenagers for usable privacy and security research is challenging, but essential. This case study presents our experience using the online flier distribution service Peachjar to recruit minor teenagers for an online security experiment. By distributing fliers to 90 K-12 schools, we recruited a diverse sample of 55 participants at an estimated cost per participant of $43.18. We discuss the benefits and drawbacks of Peachjar, concluding that it can facilitate the recruitment of a geographically diverse sample of teens for online studies, but it requires careful design to protect against spam and may be more expensive than other online methods. We conclude by proposing ways of using Peachjar more effectively.
△ Less
Submitted 1 August, 2024;
originally announced August 2024.
-
Work From Home and Privacy Challenges: What Do Workers Face and What are They Doing About it?
Authors:
Eman Alashwali,
Joanne Peca,
Mandy Lanyon,
Lorrie Cranor
Abstract:
The COVID-19 pandemic has reshaped the way people work, normalizing the practice of working from home. However, work from home (WFH) can cause a blurring of personal and professional boundaries, surfacing new privacy issues, especially when workers take work meetings from their homes. As WFH arrangements are now standard practice in many organizations, addressing the associated privacy concerns sh…
▽ More
The COVID-19 pandemic has reshaped the way people work, normalizing the practice of working from home. However, work from home (WFH) can cause a blurring of personal and professional boundaries, surfacing new privacy issues, especially when workers take work meetings from their homes. As WFH arrangements are now standard practice in many organizations, addressing the associated privacy concerns should be a key part of creating healthy work environments for workers. To this end, we conducted a scenario-based survey with 214 US-based workers who currently work from home regularly. Our results suggest that privacy invasions are commonly experienced while working from home and cause discomfort to many workers. However, only a minority said that the discomfort escalated to cause harm to them or others and that the harm was almost always minor and psychological. While scenarios that restrict worker autonomy (prohibit turning off camera or microphone) are the least experienced scenarios, they are associated with the highest reported discomfort. In addition, participants reported measures that violated or would violate their employer's autonomy-restricting rules to protect their privacy. We also find that conference tool settings that can prevent privacy invasions are not widely used compared to manual privacy-protective measures. Our findings provide a better understanding of the privacy challenges landscape that WFH workers face and how they address them, providing useful insights to organizations' policymakers and technology designers for areas of improvements, to provide healthier work environments to workers.
△ Less
Submitted 19 March, 2025; v1 submitted 14 July, 2024;
originally announced July 2024.
-
What Do Privacy Advertisements Communicate to Consumers?
Authors:
Xiaoxin Shen,
Eman Alashwali,
Lorrie Faith Cranor
Abstract:
When companies release marketing materials aimed at promoting their privacy practices or highlighting specific privacy features, what do they actually communicate to consumers? In this paper, we explore the impact of privacy marketing on: (1) consumers' attitudes toward the organizations providing the campaigns, (2) overall privacy awareness, and (3) the actionability of suggested privacy advice.…
▽ More
When companies release marketing materials aimed at promoting their privacy practices or highlighting specific privacy features, what do they actually communicate to consumers? In this paper, we explore the impact of privacy marketing on: (1) consumers' attitudes toward the organizations providing the campaigns, (2) overall privacy awareness, and (3) the actionability of suggested privacy advice. To this end, we investigated the impact of four privacy advertising videos and one privacy game published by five different technology companies. We conducted 24 semi-structured interviews with participants randomly assigned to view one or two of the videos or play the game. Our findings suggest that awareness of privacy features can contribute to positive perceptions of a company or its products. The ads we tested were more successful in communicating the advertised privacy features than the game we tested. We observed that advertising a single privacy feature using a single metaphor in a short ad increased awareness of the advertised feature. The game failed to communicate privacy features or motivate study participants to use the features. Our results also suggest that privacy campaigns can be useful for raising awareness about privacy features and improving brand image, but may not be the most effective way to teach viewers how to use privacy features.
△ Less
Submitted 24 July, 2024; v1 submitted 22 May, 2024;
originally announced May 2024.
-
Matcha: An IDE Plugin for Creating Accurate Privacy Nutrition Labels
Authors:
Tianshi Li,
Lorrie Faith Cranor,
Yuvraj Agarwal,
Jason I. Hong
Abstract:
Apple and Google introduced their versions of privacy nutrition labels to the mobile app stores to better inform users of the apps' data practices. However, these labels are self-reported by developers and have been found to contain many inaccuracies due to misunderstandings of the label taxonomy. In this work, we present Matcha, an IDE plugin that uses automated code analysis to help developers c…
▽ More
Apple and Google introduced their versions of privacy nutrition labels to the mobile app stores to better inform users of the apps' data practices. However, these labels are self-reported by developers and have been found to contain many inaccuracies due to misunderstandings of the label taxonomy. In this work, we present Matcha, an IDE plugin that uses automated code analysis to help developers create accurate Google Play data safety labels. Developers can benefit from Matcha's ability to detect user data accesses and transmissions while staying in control of the generated label by adding custom Java annotations and modifying an auto-generated XML specification. Our evaluation with 12 developers showed that Matcha helped our participants improved the accuracy of a label they created with Google's official tool for a real-world app they developed. We found that participants preferred Matcha for its accuracy benefits. Drawing on Matcha, we discuss general design recommendations for developer tools used to create accurate standardized privacy notices.
△ Less
Submitted 5 February, 2024;
originally announced February 2024.
-
Data Safety vs. App Privacy: Comparing the Usability of Android and iOS Privacy Labels
Authors:
Yanzi Lin,
Jaideep Juneja,
Eleanor Birrell,
Lorrie Faith Cranor
Abstract:
Privacy labels -- standardized, compact representations of data collection and data use practices -- are often presented as a solution to the shortcomings of privacy policies. Apple introduced mandatory privacy labels for apps in its App Store in December 2020; Google introduced mandatory labels for Android apps in July 2022. iOS app privacy labels have been evaluated and critiqued in prior work.…
▽ More
Privacy labels -- standardized, compact representations of data collection and data use practices -- are often presented as a solution to the shortcomings of privacy policies. Apple introduced mandatory privacy labels for apps in its App Store in December 2020; Google introduced mandatory labels for Android apps in July 2022. iOS app privacy labels have been evaluated and critiqued in prior work. In this work, we evaluated Android Data Safety Labels and explored how differences between the two label designs impact user comprehension and label utility. We conducted a between-subjects, semi-structured interview study with 12 Android users and 12 iOS users. While some users found Android Data Safety Labels informative and helpful, other users found them too vague. Compared to iOS App Privacy Labels, Android users found the distinction between data collection groups more intuitive and found explicit inclusion of omitted data collection groups more salient. However, some users expressed skepticism regarding elided information about collected data type categories. Most users missed critical information due to not expanding the accordion interface, and they were surprised by collection practices excluded from Android's definitions. Our findings also revealed that Android users generally appreciated information about security practices included in the labels, and iOS users wanted that information added.
△ Less
Submitted 6 January, 2024; v1 submitted 6 December, 2023;
originally announced December 2023.
-
User Experiences with Third-Party SIM Cards and ID Registration in Kenya and Tanzania
Authors:
Edith Luhanga,
Karen Sowon,
Lorrie Faith Cranor,
Giulia Fanti,
Conrad Tucker,
Assane Gueye
Abstract:
Mobile money services in Sub-Saharan Africa (SSA) have increased access to financial services. To ensure proper identification of users, countries have put in place Know-Your-Customer (KYC) measures such as SIM registration using an official identification. However, half of the 850 million people without IDs globally live in SSA, and the use of SIM cards registered in another person's name (third-…
▽ More
Mobile money services in Sub-Saharan Africa (SSA) have increased access to financial services. To ensure proper identification of users, countries have put in place Know-Your-Customer (KYC) measures such as SIM registration using an official identification. However, half of the 850 million people without IDs globally live in SSA, and the use of SIM cards registered in another person's name (third-party SIM) is prevalent. In this study, we explore challenges that contribute to and arise from the use of third-party SIM cards. We interviewed 36 participants in Kenya and Tanzania. Our results highlight great strides in ID accessibility, but also highlight numerous institutional and social factors that contribute to the use of third-party SIM cards. While privacy concerns contribute to the use of third-party SIM cards, third-party SIM card users are exposed to significant security and privacy risks, including scams, financial loss, and wrongful arrest.
△ Less
Submitted 1 November, 2023;
originally announced November 2023.
-
The Role of User-Agent Interactions on Mobile Money Practices in Kenya and Tanzania
Authors:
Karen Sowon,
Edith Luhanga,
Lorrie Faith Cranor,
Giulia Fanti,
Conrad Tucker,
Assane Gueye
Abstract:
Digital financial services have catalyzed financial inclusion in Africa. Commonly implemented as a mobile wallet service referred to as mobile money (MoMo), the technology provides enormous benefits to its users, some of whom have long been unbanked. While the benefits of mobile money services have largely been documented, the challenges that arise -- especially in the interactions between human s…
▽ More
Digital financial services have catalyzed financial inclusion in Africa. Commonly implemented as a mobile wallet service referred to as mobile money (MoMo), the technology provides enormous benefits to its users, some of whom have long been unbanked. While the benefits of mobile money services have largely been documented, the challenges that arise -- especially in the interactions between human stakeholders -- remain relatively unexplored. In this study, we investigate the practices of mobile money users in their interactions with mobile money agents. We conduct 72 structured interviews in Kenya and Tanzania (n=36 per country). The results show that users and agents design workarounds in response to limitations and challenges that users face within the ecosystem. These include advances or loans from agents, relying on the user-agent relationships in place of legal identification requirements, and altering the intended transaction execution to improve convenience. Overall, the workarounds modify one or more of what we see as the core components of mobile money: the user, the agent, and the transaction itself. The workarounds pose new risks and challenges for users and the overall ecosystem. The results suggest a need for rethinking privacy and security of various components of the ecosystem, as well as policy and regulatory controls to safeguard interactions while ensuring the usability of mobile money.
△ Less
Submitted 31 August, 2023;
originally announced September 2023.
-
Privacy Perceptions and Behaviors of Google Personal Account Holders in Saudi Arabia
Authors:
Eman Alashwali,
Lorrie Faith Cranor
Abstract:
While privacy perceptions and behaviors have been investigated in Western societies, little is known about these issues in non-Western societies. To bridge this gap, we interviewed 30 Google personal account holders in Saudi Arabia about their privacy perceptions and behaviors regarding the activity data that Google saves about them. Our study focuses on Google's Activity Controls, which enable us…
▽ More
While privacy perceptions and behaviors have been investigated in Western societies, little is known about these issues in non-Western societies. To bridge this gap, we interviewed 30 Google personal account holders in Saudi Arabia about their privacy perceptions and behaviors regarding the activity data that Google saves about them. Our study focuses on Google's Activity Controls, which enable users to control whether, and how, Google saves their Web \& App Activity, Location History, and YouTube History. Our results show that although most participants have some level of awareness about Google's data practices and the Activity Controls, many have only vague awareness, and the majority have not used the available controls. When participants viewed their saved activity data, many were surprised by what had been saved. While many participants find Google's use of their data to improve the services provided to them acceptable, the majority find the use of their data for ad purposes unacceptable. We observe that our Saudi participants exhibit similar trends and patterns in privacy awareness, attitudes, preferences, concerns, and behaviors to what has been found in studies in the US. Our results emphasize the need for: 1) improved techniques to inform users about privacy settings during account sign-up, to remind users about their settings, and to raise awareness about privacy settings; 2) improved privacy setting interfaces to reduce the costs that deter many users from changing the settings; and 3) further research to explore privacy concerns in non-Western cultures.
△ Less
Submitted 7 August, 2024; v1 submitted 19 August, 2023;
originally announced August 2023.
-
Ask the Experts: What Should Be on an IoT Privacy and Security Label?
Authors:
Pardis Emami-Naeini,
Yuvraj Agarwal,
Lorrie Faith Cranor,
Hanan Hibshi
Abstract:
Information about the privacy and security of Internet of Things (IoT) devices is not readily available to consumers who want to consider it before making purchase decisions. While legislators have proposed adding succinct, consumer accessible, labels, they do not provide guidance on the content of these labels. In this paper, we report on the results of a series of interviews and surveys with pri…
▽ More
Information about the privacy and security of Internet of Things (IoT) devices is not readily available to consumers who want to consider it before making purchase decisions. While legislators have proposed adding succinct, consumer accessible, labels, they do not provide guidance on the content of these labels. In this paper, we report on the results of a series of interviews and surveys with privacy and security experts, as well as consumers, where we explore and test the design space of the content to include on an IoT privacy and security label. We conduct an expert elicitation study by following a three-round Delphi process with 22 privacy and security experts to identify the factors that experts believed are important for consumers when comparing the privacy and security of IoT devices to inform their purchase decisions. Based on how critical experts believed each factor is in conveying risk to consumers, we distributed these factors across two layers---a primary layer to display on the product package itself or prominently on a website, and a secondary layer available online through a web link or a QR code. We report on the experts' rationale and arguments used to support their choice of factors. Moreover, to study how consumers would perceive the privacy and security information specified by experts, we conducted a series of semi-structured interviews with 15 participants, who had purchased at least one IoT device (smart home device or wearable). Based on the results of our expert elicitation and consumer studies, we propose a prototype privacy and security label to help consumers make more informed IoT-related purchase decisions.
△ Less
Submitted 11 February, 2020;
originally announced February 2020.
-
Towards a Privacy Research Roadmap for the Computing Community
Authors:
Lorrie Cranor,
Tal Rabin,
Vitaly Shmatikov,
Salil Vadhan,
Daniel Weitzner
Abstract:
Great advances in computing and communication technology are bringing many benefits to society, with transformative changes and financial opportunities being created in health care, transportation, education, law enforcement, national security, commerce, and social interactions. Many of these benefits, however, involve the use of sensitive personal data, and thereby raise concerns about privacy. F…
▽ More
Great advances in computing and communication technology are bringing many benefits to society, with transformative changes and financial opportunities being created in health care, transportation, education, law enforcement, national security, commerce, and social interactions. Many of these benefits, however, involve the use of sensitive personal data, and thereby raise concerns about privacy. Failure to address these concerns can lead to a loss of trust in the private and public institutions that handle personal data, and can stifle the independent thought and expression that is needed for our democracy to flourish.
This report, sponsored by the Computing Community Consortium (CCC), suggests a roadmap for privacy research over the next decade, aimed at enabling society to appropriately control threats to privacy while enjoying the benefits of information technology and data science. We hope that it will be useful to the agencies of the Federal Networking and Information Technology Research and Development (NITRD) Program as they develop a joint National Privacy Research Strategy over the coming months. The report synthesizes input drawn from the privacy and computing communities submitted to both the CCC and NITRD, as well as past reports on the topic.
△ Less
Submitted 11 April, 2016;
originally announced April 2016.
-
Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords
Authors:
Jeremiah Blocki,
Saranga Komanduri,
Lorrie Cranor,
Anupam Datta
Abstract:
We report on a user study that provides evidence that spaced repetition and a specific mnemonic technique enable users to successfully recall multiple strong passwords over time. Remote research participants were asked to memorize 4 Person-Action-Object (PAO) stories where they chose a famous person from a drop-down list and were given machine-generated random action-object pairs. Users were also…
▽ More
We report on a user study that provides evidence that spaced repetition and a specific mnemonic technique enable users to successfully recall multiple strong passwords over time. Remote research participants were asked to memorize 4 Person-Action-Object (PAO) stories where they chose a famous person from a drop-down list and were given machine-generated random action-object pairs. Users were also shown a photo of a scene and asked to imagine the PAO story taking place in the scene (e.g., Bill Gates---swallowing---bike on a beach). Subsequently, they were asked to recall the action-object pairs when prompted with the associated scene-person pairs following a spaced repetition schedule over a period of 127+ days. While we evaluated several spaced repetition schedules, the best results were obtained when users initially returned after 12 hours and then in $1.5\times$ increasing intervals: 77% of the participants successfully recalled all 4 stories in 10 tests over a period of 158 days. Much of the forgetting happened in the first test period (12 hours): 89% of participants who remembered their stories during the first test period successfully remembered them in every subsequent round. These findings, coupled with recent results on naturally rehearsing password schemes, suggest that 4 PAO stories could be used to create usable and strong passwords for 14 sensitive accounts following this spaced repetition schedule, possibly with a few extra upfront rehearsals. In addition, we find that there is an interference effect across multiple PAO stories: the recall rate of 100% (resp. 90%) for participants who were asked to memorize 1 PAO story (resp. 2 PAO stories) is significantly better than the recall rate for participants who were asked to memorize 4 PAO stories. These findings yield concrete advice for improving constructions of password management schemes and future user studies.
△ Less
Submitted 23 January, 2020; v1 submitted 6 October, 2014;
originally announced October 2014.
-
Agents of Choice: Tools that Facilitate Notice and Choice about Web Site Data Practices
Authors:
Lorrie Faith Cranor
Abstract:
A variety of tools have been introduced recently that are designed to help people protect their privacy on the Internet. These tools perform many different functions in-cluding encrypting and/or anonymizing communications, preventing the use of persistent identifiers such as cookies, automatically fetching and analyzing web site privacy policies, and displaying privacy-related information to use…
▽ More
A variety of tools have been introduced recently that are designed to help people protect their privacy on the Internet. These tools perform many different functions in-cluding encrypting and/or anonymizing communications, preventing the use of persistent identifiers such as cookies, automatically fetching and analyzing web site privacy policies, and displaying privacy-related information to users. This paper discusses the set of privacy tools that aim specifically at facilitating notice and choice about Web site data practices. While these tools may also have components that perform other functions such as encryption, or they may be able to work in conjunction with other privacy tools, the primary pur-pose of these tools is to help make users aware of web site privacy practices and to make it easier for users to make informed choices about when to provide data to web sites. Examples of such tools include the Platform for Privacy Preferences (P3P) and various infomediary services.
△ Less
Submitted 14 January, 2000;
originally announced January 2000.
-
Beyond Concern: Understanding Net Users' Attitudes About Online Privacy
Authors:
Lorrie Faith Cranor,
Joseph Reagle,
Mark S. Ackerman
Abstract:
People are concerned about privacy, particularly on the Internet. While many studies have provided evidence of this concern, few have explored the nature of the concern in detail, especially for the online environment. With this study, we have tried to better understand the nature of online privacy concerns; we look beyond the fact that people are concerned and attempt to understand how they are…
▽ More
People are concerned about privacy, particularly on the Internet. While many studies have provided evidence of this concern, few have explored the nature of the concern in detail, especially for the online environment. With this study, we have tried to better understand the nature of online privacy concerns; we look beyond the fact that people are concerned and attempt to understand how they are concerned. We hope our results will help inform both policy decisions as well as the development of technology tools that can assist Internet users in protecting their privacy.
We present results here from the analysis of 381 questionnaires completed between November 6 and November 13, 1998 by American Internet users. The sample was drawn from the FamilyPC magazine/Digital Research, Inc. Family Panel. While this is not a statistically representative sample of US Internet users, our respondents are heavy Internet users, and quite possibly lead innovators. As such, we believe that this sample is important for understanding the future Internet user population.
△ Less
Submitted 18 April, 1999;
originally announced April 1999.
-
Influencing Software Usage
Authors:
Lorrie Faith Cranor,
Rebecca N. Wright
Abstract:
Technology designers often strive to design systems that are flexible enough to be used in a wide range of situations. Software engineers, in particular, are trained to seek general solutions to problems. General solutions can be used not only to address the problem at hand, but also to address a wide range of problems that the designers may not have even anticipated. Sometimes designers wish to…
▽ More
Technology designers often strive to design systems that are flexible enough to be used in a wide range of situations. Software engineers, in particular, are trained to seek general solutions to problems. General solutions can be used not only to address the problem at hand, but also to address a wide range of problems that the designers may not have even anticipated. Sometimes designers wish to provide general solutions, while encouraging certain uses of their technology and discouraging or precluding others. They may attempt to influence the use of technology by ``hard-wiring'' it so that it only can be used in certain ways, licensing it so that those who use it are legally obligated to use it in certain ways, issuing guidelines for how it should be used, or providing resources that make it easier to use the technology as the designers intended than to use it in any other way.
This paper examines several cases where designers have attempted to influence the use of technology through one of these mechanisms. Such cases include key recovery encryption, Pegasus Mail, Platform for Internet Content Selection (PICS) Guidelines, Java, Platform for Privacy Preferences Project (P3P) Implementation Guide, Apple's style guidelines, and Microsoft Foundation Classes. In some of these cases, the designers sought to influence the use of technology for competitive reasons or in order to promote standardization or interoperability. However, in other cases designers were motivated by policy-related goals such as protecting privacy or free speech. As new technologies are introduced with the express purpose of advancing policy-related goals (for example, PICS and P3P), it is especially important to understand the roles designers might play in influencing the use of technology.
△ Less
Submitted 11 September, 1998;
originally announced September 1998.
