in Britain makes the details of her party (including address) public • Thousands RSVP, the party is cancelled, and police patrols are set up
“She did not realise that she was creating a public event and should have done. She is going to have to change her mobile phone SIM card because of the number of calls she has been getting about it. Rebecca did not understand the privacy settings and she has lost her internet as a result of that – I’ve taken away her computer so she won’t make that mistake again.”
leave checks as part of her benefit package—until Blanchard posted photos to her private Facebook profile depicting her having fun at her own birthday party.” • “Manulife confirmed that it does, in fact, use social networking sites to investigate clients.”
http://arstechnica.com/web/news/2009/11/creepy-insurance-company-pulls-coverage-due-to-facebook-pics.ars
explore how a series of design patterns help consumers better understand data practices, take more active control of their information, and can compel them to behave in a more privacy-protecting manner. • The design patterns I will explore include: simplified design, standardization, explanation, automation, nudging, and holistic views.
can decide whether practices are acceptable, when to opt-out • Most policies require college-level skills to understand, are long, and change without notice • Few people read privacy policies • Existing privacy policies are not an effective way to inform consumers or give them privacy controls
questions about privacy policies in various formats • Accurate answers to questions where they could find the answer by scanning or key-words • Does Acme use cookies? (98%) • People had trouble with questions requiring more reading comprehension • Does this policy allow Acme to put you on an email marketing list? (71%) • Does this policy allow Acme to share your email address with a marketing company that might put you on their email marketing list? (52%) • Even well-written policies are not well-liked and are difficult to use
A.M. McDonald, R.W. Reeder, P.G. Kelley, and L.F. Cranor. A comparative study of online privacy policies and formats. Privacy Enhancing Technologies Symposium 2009. http://lorrie.cranor.org/pubs/authors-version-PETS-formats.pdf
to compare label and text policies • 8 tasks, measured time and accuracy • 6 opinion questions
Iterative Design Approach
5 focus groups • 7-11 participants each • explored attitudes towards privacy policies • tested understanding of labels and symbols
saying look at these good things that will make interfaces better, and applying them • Or I can abstract them, detail them, explain how and why they work, and help other designers and developers
Settings in the Twitter Social Network. B. Meeder, J Tam, P.G. Kelley, L. F. Cranor. Web 2.0 Privacy and Security Workshop, IEEE Symposium on Security and Privacy. (PDF)
by Software Engineers • Migrated into the HCI community
▪ Alexander, C. (1977). A Pattern Language: Towns, Buildings, Construction. USA: Oxford University Press. 978-0-19-501919-3.
▪ Tidwell, J. (2005). Designing Interfaces: Patterns for Effective Interaction Design. O’Reilly. 978-0596008031
choices you make will not apply in situations where (a) you either have made, simultaneously make, or later make a specific request for information from a member of The Bell Group, (b) The Bell Group uses your personal information for either “Operational Uses” or “Fulfillment Uses” (as described above in A3), (c) you either have engaged, simultaneously engage, or later engage in either Non-Registered Transactions or Sponsored Activities (as described above in A3), or (d) The Bell Group shares your personal information under the provisions of A3 above with respect to “Companies That Facilitate Communications and Transactions With You,” “Companies That You Previously
users seeking a deeper understanding can learn more • These additional layers of education will often be revealed only after a user shows an interest for more
and repeat a user's preferred behaviors • Taking decisions away from users through automation (or moving them to advanced setting screens) can simplify the choices users must make • Given they understand the places where automation is used, and the impact it has
interface will leverage graphic design principles to make this action more likely (e.g., increased size, emphasized text, color, prominent placement, etc.) • Or modify the user experience through system messages, time delays, or other interactions
tonight at DBA Gallery & Wine Bar. The address is 256 S Main St Pomona, CA 91766.. No cover or dresscode..” • “RT @PUN: If you need to reach me tonight, I’ll be at (###) ###-#### Where is that?” • “Haha! Don’t hurt ‘em! RT @PUN: I’m about to use company time to look for a new job.” • “Lol I agrere RT @PUN: I wish my boss would grow some f*cking testicles and quit being a c*nt”
comprehensive, high-level view of the complete system • While much detail will need to be abstracted away, the holistic view should show users an overall state
• simplified interfaces • removed clutter (text and graphic) • high level overviews and current status • clear labels • clear demarcations between sections • few colors, few text styles • repetition
explore how a series of design patterns help consumers better understand data practices, take more active control of their information, and can compel them to behave in a more privacy-protecting manner. • The design patterns I will explore include: simplified design, standardization, explanation, automation, nudging, and holistic views.
detailed to help developers and designers dealing with real privacy concerns • Not just observed, but tested and verified across three domains • Three proposal “apps” across domains that solve real privacy problems, and people can actually use
• A: Large Scale Label Study (Done)
• A: Label Design Pattern Isolation (Summer 2011)
• B: Grouping Exploration (Done)
• B: Social Network Sharing (Spring/Summer 2011)
• B: Grouping Test Application (Fall 2011)
• C: Privacy Leaks on Twitter (Done)
• C: Mental Models of Status Privacy (Ongoing)
• C: Privatweet Test (Spring/Summer 2011)
• C: Privatweet Mobile (Fall 2011)
Gage Kelley patrickgage.com me@patrickgage.com twitter.com/patrickgage
Janice Tsai, Robert Reeder, Aleecia McDonald, Steve Won, Steve Sheng, PK, Robert McGuire, Cristian Bravo-Lillo, Joanna Bresee, Lucian Cesca, Clare-Marie Karat, Jason Hong, Lujo Bauer, Golan Levin, Paul Hankes-Drielsma, Robin Brewer, Yael Mayer, Michelle Mazurek, Kami Vaniea, Michael Benisch & everyone at the Mobile Commerce Lab and the CyLab Usable Privacy and Security Lab & Sunny Consolvo, Alessandro Acquisti, Norman Sadeh, and Lorrie Cranor
These slides and the proposal at: http://patrickgagekelley.com/dpi/