Thesis Proposal Slides

The deck used for my 2010 thesis proposal. More details at http://patrickgage.com/dpi/

Patrick Gage Kelley

December 07, 2010

Transcript

  1. Designing Privacy Interfaces Design Patterns for Understanding and Control

  2. Designing Privacy Interfaces Design Patterns for Understanding and Control Patrick

    Gage Kelley Thesis Proposal Computation, Organizations & Society School of Computer Science Carnegie Mellon University December 7th 2010 Thesis Committee Lorrie Faith Cranor, co-chair Norman Sadeh, co-chair Alessandro Acquisti Sunny Consolvo 3
  3. 4

  4. Girl Expects 20000+ At Party • A 14 year old

    in Britain makes the details of her party (including address) public • Thousands RSVP, the party is cancelled, and police patrols are set up 5 “She did not realise that she was creating a public event and should have done. She is going to have to change her mobile phone SIM card because of the number of calls she has been getting about it. Rebecca did not understand the privacy settings and she has lost her internet as a result of that – I’ve taken away her computer so she won’t make that mistake again.”
  5. Insurance pulled over Facebook pics • “[she received] monthly sick

    leave checks as part of her benefit package—until Blanchard posted photos to her private Facebook profile depicting her having fun at her own birthday party.” • “Manulife confirmed that it does, in fact, use social networking sites to investigate clients.” 6 http://arstechnica.com/web/news/2009/11/creepy-insurance-company-pulls-coverage-due-to-facebook-pics.ars
  6. Thesis Statement • The goal of this work is to

    explore how a series of design patterns help consumers better understand data practices, take more active control of their information, and can compel them to behave in a more privacy-protecting manner. • The design patterns I will explore include: simplified design, standardization, explanation, automation, nudging, and holistic views. 7
  7. Domains 1. Privacy Labels 2. Friend Grouping 3. Twitter 8

  8. Privacy Labels

  9. Privacy Policies • Inform consumers about privacy practices • Consumers

    can decide whether practices are acceptable, when to opt-out • Most policies require college-level skills to understand, long, change without notice • Few people read privacy policies • Existing privacy policies are not an effective way to inform consumers or give them privacy controls 10
  10. Privacy Policies Format Study • Participants answered reading-comprehension and opinion

    questions about privacy policies in various formats • Accurate answers to questions where they could find the answer by scanning or key-words • Does Acme use cookies? (98%) • People had trouble with more reading comprehension • Does this policy allow Acme to put you on an email marketing list? (71%) • Does this policy allow Acme to share your email address with a marketing company that might put you on their email marketing list? (52%) • Even well-written policies are not well-liked and difficult to use 11 A.M. McDonald, R.W. Reeder, P.G. Kelley, and L.F. Cranor. A comparative study of online privacy policies and formats. Privacy Enhancing Technologies Symposium 2009. http://lorrie.cranor.org/pubs/authors-version-PETS-formats.pdf
  11. 12 Can more intentionally designed, standardized privacy policy formats benefit

    consumers?
  12. 13 Can more intentionally designed, standardized privacy policy formats benefit

    consumers? • Ease of understanding • Speed of information-finding • Ability to make comparisons • Consumer opinion
  13. 14

  14. 15 Laboratory Study • 24 participants • within subjects design

    to compare label and text policies • 8 tasks, measured time and accuracy • 6 opinion questions Iterative Design Approach 5 focus groups • 7-11 participants each • explored attitudes towards privacy policies • tested understanding of labels and symbols
  15. Design Evolution 16 Final Proposed Design Design Evolution Acme Privacy

    Policy Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder. A "Nutrition Label" for Privacy. SOUPS 2009.
  16. Standardized Label 17

  17. 18 Removes wiggle room and complicated terminology by using four

    standard symbols
  18. 19 Allows for quick high-level visual feedback by looking

    at the overall intensity of the page
  19. 20 Allows for information to be found in the same

    place every time
  20. 21 Legend & Definitions

  21. Five Formats Compared 22 Std. Table Std. Short Table Std.

    Short Text Full Policy Text Layered Text
  22. 23 Overall Accuracy Results

  23. Why Design Patterns? • I can keep designing new interfaces,

    saying look at these good things that will make interfaces better, and applying them • Or I can abstract them, detail them, explain how and why they work, and help other designers and developers 24
  24. Domains 1. Privacy Labels 2. Friend Grouping 3. Twitter 25

  25. 26 Friend Grouping

  26. Friends vs. Friends 27 Paul Adams. The Real Life Social

    Network http://www.slideshare.net/padday/the-real-life-social-network-v2
  27. 28

  28. 29

  29. Grouping Exploration 30

  30. Domains 1. Privacy Labels 2. Friend Grouping 3. Twitter 31

  31. Twitter 32

  32. 33

  33. How violations occur Something terribly embarrassing or private 34

  34. How violations occur Something terribly embarrassing or private RT @privateuser:

    Something terribly embarrassing or private 35
  35. How violations occur Something terribly embarrassing or private RT @privateuser:

    Something terribly embarrassing or private 36
  36. Privacy on Twitter 37 RT @IWantPrivacy: Widespread Violation of Privacy

    Settings in the Twitter Social Network. B. Meeder, J Tam, P.G. Kelley, L. F. Cranor. Web 2.0 Privacy and Security Workshop, IEEE Symposium on Security and Privacy. (PDF)
  37. Privacy on Twitter 38 RT @IWantPrivacy: Widespread Violation of Privacy

    Settings in the Twitter Social Network. B. Meeder, J Tam, P.G. Kelley, L. F. Cranor. Web 2.0 Privacy and Security Workshop, IEEE Symposium on Security and Privacy. (PDF)
  38. Twitter 39

  39. Twitter 40

  40. Twitter 41

  41. Design Patterns standardization explanation automation nudging holistic views simplified design

    42
  42. A Design Patterns Introduction • Began in Architecture • Adopted

    by Software Engineers • Migrated into the HCI community 43 ▪ Alexander, C. (1977). A Pattern Language: Towns, Buildings, Construction. USA: Oxford University Press. 978-0-19-501919-3. ▪ Tidwell, J. (2005). Designing Interfaces: Patterns for Effective Interaction Design. O’Reilly. 978-0596008031
  43. Standardization • Standardized terms, layouts, interface design patterns, and user

    options will be used to simplify and clarify • both the information presented • and the methods for user interaction 44
  44. Standardization Example 45 Please keep in mind that any opt-out

    choices you make will not apply in situations where (a) you either have made, simultaneously make, or later make a specific request for information from a member of The Bell Group, (b) The Bell Group uses your personal information for either “Operational Uses” or “Fulfillment Uses” (as described above in A3), (c) you either have engaged, simultaneously engage, or later engage in either Non-Registered Transactions or Sponsored Activities (as described above in A3), or (d) The Bell Group shares your personal information under the provisions of A3 above with respect to “Companies That Facilitate Communications and Transactions With You,” “Companies That You Previously
  45. 46 Allows for information to be found in the same

    place every time
  46. Explanation • Definitions, additional explanation, and potential outcomes/impacts • So

    users seeking a deeper understanding can learn more • These additional layers of education will often be revealed only after a user shows an interest for more 47
  47. Explanation Example 48

  48. Automation • If applicable an automated computer system should learn

    and repeat a user's preferred behaviors • Taking decisions away from users through automation (or moving them to advanced setting screens) can simplify the choices users must make • Given they understand the places where automation is used, and the impact it has 49
  49. Automation Example 50

  50. Automation Example 51

  51. Nudging • Where a preferred behavior is recognized: • The

    interface will leverage graphic design principles to make this action more likely (e.g., increased size, emphasized text, color, prominent placement, etc.) • Or modify the user experience through system messages, time delays, or other interactions 52
  52. Nudging Example 53 • “RT @PUN Come to my birthday

    tonight at DBA Gallery & Wine Bar. The address is 256 S Main St Pomona, CA 91766.. No cover or dresscode..” • “RT @PUN: If you need to reach me tonight, I’ll be at (###) ###-#### Where is that?” • “Haha! Don’t hurt ‘em! RT @PUN: I’m about to use company time to look for a new job.” • “Lol I agrere RT @PUN: I wish my boss would grow some f*cking testicles and quit being a c*nt”
  53. Holistic Views • Finally, privacy interfaces should have a single,

    comprehensive, high-level view of the complete system • While much detail will need to be abstracted away, the holistic view should show users an overall state 54
  54. Holistic views example 55

  55. Simplified Design • Throughout, good communication/information design principles are applied:

    • simplified interfaces • removed clutter (text and graphic), • high level overviews and current status • clear labels • clear demarcations between sections • few colors, few text styles • repetition 56
  56. Thesis Statement • The goal of this work is to

    explore how a series of design patterns help consumers better understand data practices, take more active control of their information, and can compel them to behave in a more privacy-protecting manner. • The design patterns I will explore include: simplified design, standardization, explanation, automation, nudging, and holistic views. 57
  57. 58 Privacy Label Twitter Friend Grouping Standardization ✓ ✓ Explanation

    ✓ ✓ Automation ✓ ✓ Nudging ✓ ✓ Holistic views ✓ ✓ ✓ Simplified design ✓ ✓ ✓
  58. Contributions • A series of design patterns • Defined and

    detailed to help developers and designers dealing with real privacy concerns • Not just observed, but tested and verified across three domains • Three proposal “apps” across domains that solve real privacy problems, and people can actually use 59
  59. Timeline 60 Study Description Timeline A Label Design Work Done

    A Large Scale Label Study Done A Label Design Pattern Isolation Summer 2011 B Grouping Exploration Done B Social Network Sharing Spring/Summer 2011 B Grouping Test Application Fall 2011 C Privacy Leaks on Twitter Done C Mental Models of Status Privacy Ongoing C Privatweet Test Spring/Summer 2011 C Privatweet Mobile Fall 2011
  60. Timeline 61

  61. CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu Patrick

    Gage Kelley patrickgage.com me@patrickgage.com twitter.com/patrickgage Janice Tsai, Robert Reeder, Aleecia McDonald, Steve Won, Steve Sheng, PK, Robert McGuire, Cristian Bravo-Lillo, Joanna Bresee, Lucian Cesca, Clare-Marie Karat, Jason Hong, Lujo Bauer, Golan Levin, Paul Hankes-Drielsma, Robin Brewer, Yael Mayer, Michelle Mazurek, Kami Vaniea, Michael Benisch & everyone at the Mobile Commerce Lab and the CyLab Usable Privacy and Security Lab & Sunny Consolvo, Alessandro Acquisti, Norman Sadeh, and Lorrie Cranor 62 These slides and the proposal at: http://patrickgagekelley.com/dpi/